| |
| |||||||
Log-Analyse und Auswertung: DirtyDecrypt hat Word-Dokumente infiziertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
28.05.2013, 16:09
| #1 |
| |  DirtyDecrypt hat Word-Dokumente infiziert Liebe Experten, ich erhalte die Fehlermeldung beim Öffnen von Worddateien: File is encrypted This file can be decrypted using the program DirtyDecrypt.exe Press CTRL+ALT+D to run DirtyDecrypt.exe If DirtyDecrypt.exe not opened сheck the paths: C:\Program Files\Dirty\DirtyDecrypt.exe C:\Program Files (x86)\Dirty\DirtyDecrypt.exe C:\Users\[YOUR USER]\AppData\Roaming\Dirty\DirtyDecrypt.exe C:\Documents and Settings\[YOUR USER]\Application Data\Dirty\DirtyDecrypt.exe C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe ################## Anbei die Log-Dateien: Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.05.2013 11:52:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Trojaner-Board
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 66,39% Memory free
7,71 Gb Paging File | 6,06 Gb Available in Paging File | 78,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,74 Gb Total Space | 368,87 Gb Free Space | 81,12% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 3,66 Gb Free Space | 98,08% Space Free | Partition Type: FAT32
Computer Name: JULIAMEYER-VAIO | User Name: Julia Meyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FF8335B-D92F-4AED-BF54-B2598FD6A4A1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{25C8F984-A4BB-4222-899C-ED41DB92564F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36254205-8B1E-46EF-BAA4-F495AB047958}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3647B58B-C759-44E3-BFB0-EF91A2897E6E}" = rport=139 | protocol=6 | dir=out | app=system |
"{381CA28C-5ADF-46C0-A3DF-146B68902800}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B106B1E-B2B8-431D-A3DC-F263FE98ABFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{4F1B61BA-1542-4490-99BC-0DAD14E5005A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5B34227A-4A7B-486B-801F-A8C3E8FE19B6}" = rport=137 | protocol=17 | dir=out | app=system |
"{64D29388-5066-4732-9FA3-FB35C3F9DFFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6E4955B7-27A6-4BE1-92B7-4AB3B6C69D85}" = rport=445 | protocol=6 | dir=out | app=system |
"{9185B13D-8832-4E8B-8492-1F45BC7083D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92C7EC72-BC95-4E5D-8005-6AEDCF718EF5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97EEB357-A5F5-48CA-8834-EA0FDE1D8A43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B168168F-8339-4A0C-9422-82F30337478F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB5712AB-DD89-42CC-A8B1-11FC2383B9A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFD6237B-B1C1-4896-AE43-5E42902ECDEA}" = rport=138 | protocol=17 | dir=out | app=system |
"{C534098C-92D9-4E06-91A3-22C1E9959DB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{DA1BA894-5B8B-414E-AAC1-933455AC894E}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE9ED5B0-7878-420F-A32D-FEADC8B38E3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E41520FA-CC72-470B-942F-46093BBB8D73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5AAC7EF-08C7-420F-A83C-A3EABDFBC352}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EFAFA639-E618-44B1-85C9-A0E4B3624FC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC3EC644-44B4-4DA4-BF3A-CE3A24D65AE1}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0125866D-7CD6-4DCB-8F76-06DC9A4F8145}" = protocol=6 | dir=out | app=system |
"{01C7CF60-F522-4CD5-A61B-59230A2096F1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{02DDBF87-824B-43C3-B6E3-DFE400F50928}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{0D92D617-158D-487C-8AAF-237370913C57}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{14773933-7595-45D6-A2E5-0EC971CA9A49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{16F9E3AA-D853-4385-99E0-D9AB6234B914}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1B65D98A-5219-4AB3-B85E-68C343F08343}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{1C01AD73-11D9-48A1-8208-3D0D8DB7729F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{1C40E454-B445-4582-85F0-1D8646E24F6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{1C423D8B-5693-4313-978E-6FED5A8BFD29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22D7A7D9-B112-4CC0-877C-33FDE6D81664}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2C02BCD3-4E6F-495A-A206-D41A48CC5BD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{2F42C33B-0FC9-4E6C-B9C0-326FE5B25E96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{3CB0E7BB-121E-480F-A613-F387E8ACA1AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C04FA46-F6D4-47A1-A31A-D94CCD236E00}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\sysinspector.exe |
"{4CD31C63-4115-42C9-98A2-EED4EEC6CE82}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5238DE65-EED7-4F8A-A61A-104D8DF84320}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{53052EB9-75C2-4446-B57C-3A8C8B29CB95}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{55989371-5F2B-4467-845E-D6BAAE66BD56}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5B46B499-A1BC-42E8-B85D-520D8203AA53}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{62E32796-96A7-44A1-A72F-5855541DD133}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68DFF953-2940-46E4-903C-D302033105CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6919AE31-76C4-4952-B77F-A03CB80A0E78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{731012CF-E10E-4855-81E5-3BFAEEE2D5A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{749C7736-59B3-4A38-876C-63554ACA9115}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{7695FD0C-B914-4987-B7E8-52035A344B23}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B777FAB-1E89-4561-9931-AEE492393BC0}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{7CAB9832-506A-4046-98A3-ADE936219BD2}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{898E0716-5F5F-4C53-AA12-78FAC7CA3EBB}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{8C2C39C9-B4A5-473C-A7A3-E6986284A570}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8C3ED56B-C4DE-47E9-8B3B-98C1E1B273DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{8E0F8BC7-E06C-4E62-938F-FEE23E57282D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{904D2FAE-B032-4E07-A52E-6AF8790D1E8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C6B08FB-BF78-4621-B864-97F2B479AEEF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CB2518C-78CC-44EB-9CC4-71DB06384EE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A341162C-7379-4799-8E8C-2842A38E315D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A82E1B5E-4E6D-4577-98B5-514569901066}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3133068-D0D7-4D66-97AA-D55F01DF0D88}" = protocol=58 | dir=in | app=system |
"{B6A9A080-2077-4FAE-BBF5-202ADA7C576F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B9A33E70-C6F7-4785-9881-594426461179}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BB47F0E1-3AA2-4844-B992-61EC5DBD0825}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4EB924D-8F57-41A2-970A-EA15D3FD65F9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C534F149-68AF-47ED-8257-F4BF9B82B116}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\sysinspector.exe |
"{CA3A3B97-FB97-4AF2-9665-ABED8421007A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD4ABD6E-EA1A-4CAA-8D69-3B8EAD8837DC}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D032332C-8133-472D-91FD-91C101667A12}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D18B7F85-6ECF-4117-8DAE-896639220B7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2A03618-DFC1-4C25-B9BB-F6B5EF05CCD4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D416DD7D-7B5F-4205-98F8-1F61170D15D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D57B450F-E5FE-4B5D-85B7-E817DE1E66ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{E07BA713-ACD4-44B0-9F7D-43415D541FF4}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{E4259CFB-6EC8-405C-B084-1C0389EF49ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{E77CAD18-78CD-475A-AE0C-3BFC6A1945DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8923E2E-B75B-4C26-8805-46019EFFF66A}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{ED9F7576-2E9A-4C64-8E17-B1D302D13102}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F262BB32-2087-481C-94A7-CA89D757D16B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5D91720-CE43-40AF-87B1-7734116A37B8}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{F8CDDCAB-D94A-49D1-B248-759BBDBFF5CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{F907F872-4AA4-4C83-88A4-93B225AEF8F1}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{FB5B58D3-A5D9-42DF-B4F5-359329E061DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD4F2939-2D63-4B6D-9F7F-550A60DCE17B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"TCP Query User{255B964C-C057-4BCA-99E3-70341518405A}E:\easysetupassistant\wr841n\easysetupassistant.exe" = protocol=6 | dir=in | app=e:\easysetupassistant\wr841n\easysetupassistant.exe |
"UDP Query User{1DC05261-FC85-4870-9990-FF25D18074D0}E:\easysetupassistant\wr841n\easysetupassistant.exe" = protocol=17 | dir=in | app=e:\easysetupassistant\wr841n\easysetupassistant.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}" = HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1163BE-5ECD-0303-87F7-35ED38BBB2E1}" = ATI Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF456ADA-407C-BFA2-52DA-08ECE9E18549}" = ccc-utility64
"{EE39D540-AB86-4F57-97CB-44D1CA5167F3}" = ESET Smart Security
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08096C0A-B9B2-7F42-3760-BD9A1CBA9A6E}" = Catalyst Control Center Graphics Full Existing
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1001266B-D4BB-46D9-B023-2612A8CE3A31}" = Nero BurnRights
"{10014C6B-F482-991B-8865-32BFEA347CE1}" = CCC Help Hungarian
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{1404E04F-C98C-5195-251E-9CED867E37D7}" = CCC Help French
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1AA0193C-398B-D400-A156-C060CFDDF132}" = Catalyst Control Center Core Implementation
"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233C14B1-D05F-96A7-1509-C87417F899F8}" = CCC Help Turkish
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2637552C-A1EE-D6C9-3D9E-716BCB76081D}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F3CC310-EA1C-4536-A0AC-B9030BC56A3B}" = Nero BurnRights 12
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49939C5A-7835-120D-1195-7374E1AE1CAB}" = CCC Help Spanish
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5810367F-CB89-1257-0283-EC37270741E7}" = CCC Help Russian
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A4C0B1D-2379-AAE0-4907-56E83D6D8A8C}" = CCC Help Italian
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{650CF18F-629C-3CF1-307D-5C93321B41CD}" = Catalyst Control Center Graphics Full New
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69131367-6458-6271-8277-25E408572433}" = CCC Help German
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72A6B2E5-3286-4D77-8AAC-A4BE2A8FCB90}" = CCC Help Finnish
"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E5A8023-0E90-4503-A1EA-C9FC25680AF9}" = PS_AIO_03_C4400_Software_Min
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{87A29380-9FFF-6D32-BBF1-61569DFD5BEA}" = CCC Help Portuguese
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8D047BB8-0D97-4163-27CE-351BDF225D00}" = Catalyst Control Center Localization All
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E7EABFA-BF37-4824-B792-4220C9E04233}" = Nero BurnRights Help (CHM)
"{8F862B8C-D3F7-74F5-6C08-F0F70F744FF7}" = CCC Help Japanese
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A0F4F993-C4A7-F093-CF8D-5F03B39252F2}" = CCC Help Thai
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A477F82B-F291-5BB0-74FF-6654A27B311A}" = CCC Help Dutch
"{A4EFAC49-5605-E9FA-5C1B-75D8AACF6139}" = Catalyst Control Center Graphics Light
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{AA668097-C081-B41E-DEDA-83BB12B7E85F}" = CCC Help Korean
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B1E33614-25CC-4C2A-8CBA-88B51ABF67E0}" = C4400
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B2F0AAB1-8C1C-1EFE-6594-417BBB023D6B}" = CCC Help Czech
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C0618520-5C63-1583-B78A-CEE1139EF1E6}" = CCC Help Polish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C84E8865-5E2B-5A46-99F2-B8A35917B8BF}" = Catalyst Control Center Graphics Previews Common
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D36B6249-71E7-9E85-A9D6-E2239783301E}" = CCC Help Norwegian
"{D5DC1775-F67A-6399-BE1D-960FC2254F91}" = CCC Help Chinese Standard
"{D604D3C7-337D-FE67-09DE-A641D3B4D886}" = CCC Help Danish
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD23714B-A2C6-A6D2-9309-75AFAFF1F8E6}" = CCC Help English
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7D5D189-E71D-EA01-419F-699F57B1ED65}" = Catalyst Control Center Graphics Previews Vista
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F2894826-BF35-CE79-5EA6-7BAD1DF6F8BF}" = CCC Help Greek
"{F392063E-8736-7812-47E7-7598F0B56D9D}" = CCC Help Swedish
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF4EB4E5-55BB-D9AF-B5A2-3D6F359E7472}" = CCC Help Chinese Traditional
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AskTBar Uninstall" = Ask Toolbar
"AVG Secure Search" = AVG Security Toolbar
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"Digital Editions" = Adobe Digital Editions
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"MarketingTools" = VAIO Marketing Tools
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 15.0" = RealPlayer
"splashtop" = VAIO Quick Web Access
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.05.2013 12:51:02 | Computer Name = JuliaMeyer-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 27.05.2013 13:01:13 | Computer Name = JuliaMeyer-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 27.05.2013 13:28:29 | Computer Name = JuliaMeyer-VAIO | Source = McLogEvent | ID = 5046
Description = Der McShield-Scan-Service kann keine Konfiguration im Register finden.
Error - 27.05.2013 13:28:47 | Computer Name = JuliaMeyer-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
(Fehlercode = 0x80042000)
Error - 27.05.2013 13:28:47 | Computer Name = JuliaMeyer-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 27.05.2013 13:44:13 | Computer Name = JuliaMeyer-VAIO | Source = MsiInstaller | ID = 10005
Description =
Error - 28.05.2013 04:25:52 | Computer Name = JuliaMeyer-VAIO | Source = McLogEvent | ID = 5046
Description = Der McShield-Scan-Service kann keine Konfiguration im Register finden.
Error - 28.05.2013 04:25:57 | Computer Name = JuliaMeyer-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
(Fehlercode = 0x80042000)
Error - 28.05.2013 04:25:57 | Computer Name = JuliaMeyer-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 28.05.2013 04:36:18 | Computer Name = JuliaMeyer-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
[ Media Center Events ]
Error - 11.09.2010 11:45:43 | Computer Name = JuliaMeyer-VAIO | Source = MCUpdate | ID = 0
Description = 17:45:43 - Fehler beim Herstellen der Internetverbindung. 17:45:43
- Serververbindung konnte nicht hergestellt werden..
Error - 13.09.2010 14:41:57 | Computer Name = JuliaMeyer-VAIO | Source = MCUpdate | ID = 0
Description = 20:41:56 - Fehler beim Herstellen der Internetverbindung. 20:41:56
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 27.05.2013 13:28:21 | Computer Name = JULIAMEYER-VAIO | Source = BugCheck | ID = 1001
Description =
Error - 27.05.2013 13:28:30 | Computer Name = JuliaMeyer-VAIO | Source = Service Control Manager | ID = 7024
Description = Der Dienst "McAfee Real-time Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%5046.
Error - 27.05.2013 13:28:30 | Computer Name = JuliaMeyer-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 27.05.2013 13:28:58 | Computer Name = JuliaMeyer-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126
Error - 27.05.2013 13:33:48 | Computer Name = JuliaMeyer-VAIO | Source = Schannel | ID = 36870
Description = Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der
Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene
Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error - 27.05.2013 14:05:15 | Computer Name = JuliaMeyer-VAIO | Source = Schannel | ID = 36870
Description = Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der
Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene
Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error - 27.05.2013 14:06:33 | Computer Name = JuliaMeyer-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme
(KB976932)
Error - 28.05.2013 04:25:53 | Computer Name = JuliaMeyer-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 28.05.2013 04:25:53 | Computer Name = JuliaMeyer-VAIO | Source = Service Control Manager | ID = 7024
Description = Der Dienst "McAfee Real-time Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%5046.
Error - 28.05.2013 04:26:12 | Computer Name = JuliaMeyer-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126
< End of report >
#################### Log-Datei: OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 28.05.2013 11:52:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = G:\Trojaner-Board 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 66,39% Memory free 7,71 Gb Paging File | 6,06 Gb Available in Paging File | 78,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,74 Gb Total Space | 368,87 Gb Free Space | 81,12% Space Free | Partition Type: NTFS Drive G: | 3,73 Gb Total Space | 3,66 Gb Free Space | 98,08% Space Free | Partition Type: FAT32 Computer Name: JULIAMEYER-VAIO | User Name: Julia Meyer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.28 10:36:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Trojaner-Board\OTL.exe PRC - [2013.05.21 11:34:32 | 000,023,552 | ---- | M] () -- C:\Users\Julia Meyer\AppData\Roaming\Dirty\DirtyDecrypt.exe PRC - [2013.02.18 18:32:47 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2013.02.18 18:32:47 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe PRC - [2012.12.21 11:18:40 | 001,424,088 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe PRC - [2012.11.16 15:24:44 | 000,913,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2012.04.22 17:25:11 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.05.20 12:25:24 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe PRC - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.12.01 22:03:52 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe PRC - [2009.12.01 22:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe PRC - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.11.21 00:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009.10.24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe PRC - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe PRC - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.05.21 11:34:32 | 000,023,552 | ---- | M] () -- C:\Users\Julia Meyer\AppData\Roaming\Dirty\DirtyDecrypt.exe MOD - [2013.02.18 18:32:48 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll MOD - [2013.02.18 18:32:47 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2013.02.17 17:59:20 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll MOD - [2013.02.17 17:58:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.01.12 14:40:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.01.12 14:39:15 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.12 14:39:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.01.12 14:38:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.12 14:38:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.01.12 14:38:51 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.12 14:38:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2010.05.20 21:50:25 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.01.27 22:10:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.09.16 23:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) SRV - [2013.02.18 18:32:47 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2012.11.16 15:24:44 | 000,913,184 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.04.09 14:37:36 | 001,223,024 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2010.02.17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.12.01 22:03:52 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2009.11.25 19:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009.09.16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009.09.08 18:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.18 18:32:48 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.11.16 14:56:48 | 000,209,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2012.11.16 14:56:48 | 000,062,024 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:64bit: - [2012.03.14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:64bit: - [2012.03.14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF) DRV:64bit: - [2012.03.14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.07.15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP) DRV:64bit: - [2010.02.17 16:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010.02.17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010.02.17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:64bit: - [2010.02.17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:64bit: - [2010.01.27 22:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.12.16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2009.11.04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.10.09 04:47:00 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.08.05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{03D33B92-ABFB-4B82-BC1E-F4A318A11DE3}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1B7A5658-E3F7-4B1B-8DF0-FAF28C9F1EDD}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKCU\..\SearchScopes\{31611118-73C1-4DD8-B3D2-90AAD54AB502}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{38211874-C1F5-4D5D-AF48-FC45D6AB22D5}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\..\SearchScopes\{4B5003A8-6A49-49F6-9512-139FF036E3B0}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{551C1E8D-4344-43FA-8C3F-5FC0DCCEB6D9}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{5B41C9E6-C61C-43A0-9E83-81E730C8758C}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE398DE398 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={1E817E4F-B3FF-4DD3-8AFF-6E8BC9EC6142}&mid=82d0a242418447d0b367850b0f87ffd5-dde51a417fcb7680b0850274362e40882c798381&lang=de&ds=nr014&pr=sa&d=2012-12-26 17:57:47&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKCU\..\SearchScopes\{BAD1B264-6C34-4C46-9D05-78E5223D10D4}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{EA2CB6E4-E337-42F7-922A-8756F34777A6}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.21 16:03:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.01.12 10:57:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 18:33:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.12.28 13:30:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.21 16:03:17 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [DirtyDecrypt] C:\Users\Julia Meyer\AppData\Roaming\Dirty\DirtyDecrypt.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.27 19:51:28 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\AppData\Roaming\Apple Computer [2013.05.27 19:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.27 19:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.05.27 19:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.05.27 19:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.05.27 19:48:00 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\AppData\Local\Apple [2013.05.27 19:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.05.27 19:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.05.26 22:46:24 | 000,000,000 | ---D | C] -- C:\3465d2674e8ea64e591437d9ad [2013.05.21 11:34:35 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\AppData\Roaming\JlsFqsid [2013.05.21 11:34:32 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\AppData\Roaming\Dirty [2013.05.21 11:34:32 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\AppData\Local\Dirty [2013.05.20 15:37:41 | 000,000,000 | ---D | C] -- C:\d46acfd3bbe8130e0cc869bdb9 [2013.05.14 12:50:47 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\Robin [2013.05.04 14:29:22 | 000,000,000 | ---D | C] -- C:\d3dae6f0c04a755cb0a7a806 [2 C:\Users\Julia Meyer\Desktop\*.tmp files -> C:\Users\Julia Meyer\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.28 11:54:08 | 001,513,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.28 11:54:08 | 000,659,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.28 11:54:08 | 000,620,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.28 11:54:08 | 000,132,970 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.28 11:54:08 | 000,108,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.28 11:50:51 | 000,000,000 | ---- | M] () -- C:\Users\Julia Meyer\defogger_reenable [2013.05.28 11:48:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.28 11:45:07 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.28 10:33:32 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 10:33:32 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 10:29:49 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.28 10:25:30 | 3106,455,552 | -HS- | M] () -- C:\hiberfil.sys [2013.05.27 19:50:22 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.05.27 19:28:13 | 644,114,486 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.05.22 19:57:03 | 000,032,588 | ---- | M] () -- C:\Users\Julia Meyer\Desktop\Abitur 2013 Mdl. Prüfungen Prüfplan 22.05.2013.pdf [2013.05.14 15:27:58 | 000,070,416 | R--- | M] () -- C:\Users\Julia Meyer\Desktop\Anmeldebestätigung und Rechnung_20130513_125632.pdf [2013.04.28 12:03:21 | 719,006,400 | ---- | M] () -- C:\Users\Julia Meyer\Documents\Image.bin [2013.04.28 12:03:21 | 000,000,578 | ---- | M] () -- C:\Users\Julia Meyer\Documents\Image.cue [2 C:\Users\Julia Meyer\Desktop\*.tmp files -> C:\Users\Julia Meyer\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.28 11:50:51 | 000,000,000 | ---- | C] () -- C:\Users\Julia Meyer\defogger_reenable [2013.05.27 19:50:22 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.05.27 19:47:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.05.26 20:07:04 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2013.05.22 19:57:03 | 000,032,588 | ---- | C] () -- C:\Users\Julia Meyer\Desktop\Abitur 2013 Mdl. Prüfungen Prüfplan 22.05.2013.pdf [2013.05.14 15:27:58 | 000,070,416 | R--- | C] () -- C:\Users\Julia Meyer\Desktop\Anmeldebestätigung und Rechnung_20130513_125632.pdf [2013.04.28 12:03:21 | 000,000,578 | ---- | C] () -- C:\Users\Julia Meyer\Documents\Image.cue [2010.09.21 16:32:19 | 000,003,584 | ---- | C] () -- C:\Users\Julia Meyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.21 15:35:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.11 14:40:37 | 000,000,500 | ---- | C] () -- C:\Users\Julia Meyer\Desktop.lnk [2010.05.20 12:21:05 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.02.17 19:18:17 | 000,000,000 | -HSD | M] -- C:\Users\Julia Meyer\AppData\Roaming\.# [2013.03.11 19:14:24 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\1&1 Mail & Media GmbH [2010.10.24 18:15:57 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\Amazon [2013.05.21 11:34:32 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\Dirty [2012.12.28 13:34:02 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\ESET [2010.09.24 19:37:54 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\ImgBurn [2013.05.21 11:34:35 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\JlsFqsid [2012.10.10 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\SoftGrid Client [2010.09.11 16:31:26 | 000,000,000 | ---D | M] -- C:\Users\Julia Meyer\AppData\Roaming\TP ========== Purity Check ========== < End of report > ##################### gmer.txt GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-28 16:29:27 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\JULIAM~1\AppData\Local\Temp\pwqiruoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1608] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076b6d03c 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 .text c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [2536] entry point in ".rdata" section 000000006d4571e6 .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 .text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[4112] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076b6d03c 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4136] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4136] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077581465 2 bytes [58, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775814bb 2 bytes [58, 77] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:2100] 000007fefb872a88 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:2256] 000007fef5abc0b0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2584:1492] 000007fef95e5124 Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4616] 00000000275c962b Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4620] 00000000275c962b Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4676] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4688] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4708] 00000000734d2f69 Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4808] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4812] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4816] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4820] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4824] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4828] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4832] 000000007244345e Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4852] 0000000073e4e788 Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4856] 0000000070d96f14 Thread C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [1968:4860] 0000000073e4e788 Leider bricht der Gmer-Scan ab mit der Meldung: "Es befindet sich kein Datenträger im Laufwerk. Legen Sie dafür einen Datenträger in Laufwerk \Device\Harddisk1\DR1 ein." Geändert von Whizky (28.05.2013 um 16:12 Uhr) Grund: Log-Files ergänzt |
|
28.05.2013, 16:15
| #2 |
| /// Malware-holic   | DirtyDecrypt hat Word-Dokumente infiziert Hi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
PRC - [2013.05.21 11:34:32 | 000,023,552 | ---- | M] () -- C:\Users\Julia Meyer\AppData\Roaming\Dirty\DirtyDecrypt.exe
MOD - [2013.05.21 11:34:32 | 000,023,552 | ---- | M] () -- C:\Users\Julia Meyer\AppData\Roaming\Dirty\DirtyDecrypt.exe
O4 - HKCU..\Run: [DirtyDecrypt] C:\Users\Julia Meyer\AppData\Roaming\Dirty\DirtyDecrypt.exe ()
[2013.05.21 11:34:32 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\AppData\Roaming\Dirty
[2013.05.21 11:34:32 | 000,000,000 | ---D | C] -- C:\Users\Julia Meyer\AppData\Local\Dirty
:files
:Commands
[emptytemp]
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
31.05.2013, 15:07
| #3 |
| | DirtyDecrypt hat Word-Dokumente infiziert All processes killed
__________________========== OTL ========== No active process named DirtyDecrypt.exe was found! Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DirtyDecrypt not found. File C:\Users\Julia Meyer\AppData\Roaming\Dirty\DirtyDecrypt.exe not found. Folder C:\Users\Julia Meyer\AppData\Roaming\Dirty\ not found. Folder C:\Users\Julia Meyer\AppData\Local\Dirty\ not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Julia Meyer ->Temp folder emptied: 2049685664 bytes ->Temporary Internet Files folder emptied: 995917598 bytes ->Java cache emptied: 433891 bytes ->Flash cache emptied: 553 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 557093407 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 157444 bytes RecycleBin emptied: 17993986 bytes Total Files Cleaned = 3.454,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05312013_155358 Files\Folders moved on Reboot... File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_F4D62C95-5DE5-425D-B330-EC506A102394.0\EFBA4C6F. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_F46C431D-1CBA-46F1-A66F-745400E06A5A.0\7124CAF3. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_EA734CB4-B2FB-4A75-8FDE-64B3AD0DB9C0.0\DFDFB22D. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_E7B74EFB-3F08-4AF8-AD11-2AD9BD083018.0\6BBDEFC3. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_E77E2AFA-A56A-45FC-90DF-FFF9295D2547.0\3DA6DB9D. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_E507005A-13C3-42CD-B04B-38A41D8AE4DF.0\FF1E9201. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_E49831AB-AC06-4EA7-914D-BE63EAA38881.0\F391EB3A. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_E480BD9C-E0A6-4337-A302-238778AFDA0B.0\6DF07A7. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_E463ED88-5839-48F3-86D8-9109C881A5D4.0\C3D0E603. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_E166316A-1874-44D7-927E-0C434762FB03.0\782C99B5. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_DEC1089A-87D2-49DA-95C2-B995E455B751.0\FB2B7C29. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_DD30EB5D-90CB-4D6C-A4AB-E56679136B8F.0\D6604F8B. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_DB328F29-D7E8-467F-BCBF-23FA49448A7A.0\E2C76BF8. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_D8B2A26E-7420-4E69-90FE-4FA520D4ACA7.0\94D2286E. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_D25A568F-D844-4A1F-B6F9-97EF56DE5684.0\9541D07F. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_D0B0D501-43CF-4CEF-BCDD-D24E8099A5CE.0\72D40223. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_D08D409C-E6C0-4FD1-B727-65944AF7E003.0\47E15455. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_CB169271-534D-4B4D-A6C7-638F8AC3FBB7.0\DCB29523. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_C8172904-D40B-470E-8113-63C01F3B30CE.0\AB859FD. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_C12815BB-0A4A-415F-B9EF-44A2B9782678.0\3BDAEAF7. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_BE8C3A0D-DF8D-4B9B-81C1-1452B50165DF.0\16C253A6. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_BDF50045-69C7-49E0-B167-0D3FDD9631C5.0\8C0B81C5. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_BA6C1FD8-CC71-431C-8431-338C387847AF.0\5FCE4068. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_B852FA98-7CA4-4D78-9FED-34B1F21F8CBC.0\DB4ED3AE. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_B1F8F4E8-003E-47F7-8A2A-B5AB2E333138.0\1F6F641C. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_AFD2609C-B26E-47EA-BA48-A2A854FC71F7.0\8775F682. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_AD21D1EC-61CB-430F-AB1B-BAF4E2A56A8F.0\57492B21. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_AC89A831-BE99-4CB2-9F3D-1CBC9364A2D9.0\3DCF996C. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_AC333ADF-A48A-4117-BFFC-BF38E2F3FF34.0\375B3A11. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_ABF1A73F-41F1-439B-8697-013D1CA8D3A8.0\B0D1AE52. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_A5B5EC7D-6F4F-4356-936B-845887A3C246.0\B780B6C8. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_A4E8ED7F-D575-4A21-8EC3-A3C1786BA872.0\408E5472. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_A4DDFCA8-8A99-45C9-A48B-AAE8B9345278.0\4F0EBE28. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_A397FAE3-E694-4F81-BB05-61F014B6B8A5.0\A5425851. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_A31AF97C-D0F4-460A-9389-79D02187C2C7.0\7BAB8043. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_9FB196BF-18A5-4D22-B44D-F670C43DF231.0\4F5274BC. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_9C7105CC-EF91-4B26-86C4-88DD96409890.0\63C57B23. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_978ECECE-732C-440B-9D79-75A13FF724AA.0\4CC26D3. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_95C85BB7-6ADC-44DD-9423-FB8E2B9FB7FE.0\E4B79107. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_92833DEC-8101-4AFB-A781-3FC7C864CD70.0\436D1077. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_9138D620-E9A4-47A0-AC68-E99B6AFF257F.0\A6264225. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_88140A5C-E884-479D-BAB7-475760CF7EFB.0\85A0670E. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_87F3222B-9929-45C5-82EB-C0B8EB6209AF.0\9B72B706. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_87145F79-1233-453D-8D06-FF9560F65EB9.0\47C58BC9. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_8556E546-F2CD-478C-8EA4-EC039BEA8196.0\B3E57106. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_83FDCC99-7858-4993-9DA8-B7C3467BE20F.0\11FD4673. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_821E5576-6D98-4093-99D6-EC2476F85E12.0\57AE8A0F. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_7FD3440D-59F0-453A-B0F2-799AC360C65C.0\17CD746D. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_7F4B02F6-553D-4D8E-8650-D9858E6C2805.0\49B8B427. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_7B3440BF-C109-422E-AE8C-6FAB6C3089F3.0\DF5454B2. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_71364093-92C6-4BB7-8518-71F5B7A0E8EB.0\D26A254A. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_6FDDCF2A-F707-400B-8AC2-9125858CE52F.0\58F8B543. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_6EB77754-6234-460C-8A09-A432EE7144C2.0\12AD0ABB. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_6E96F7F0-FB65-4D2F-9802-4541DFDD2764.0\9044AEA0. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_6BDFEC8B-0185-4ED5-9108-6B48F3D33D5D.0\1F03E043. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_63923A91-A52C-4CB5-AB86-BCBE6EB2729B.0\D158B21. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_61715FED-7470-478D-BAF8-DC92E2A1B897.0\D8CA0D2D. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_615E4B23-ED72-4400-AB0D-A1DA9CF063AC.0\D0BD2508. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_6025444A-17C9-4856-BCCB-256B28A733FD.0\38FCCAA2. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_59E2F098-537E-4DEC-8B02-AD1C268CC218.0\49DB1BDE. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_58225A98-0F68-4C1B-BAEA-E96F091E9968.0\50F64A65. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_540C0538-5387-4838-AA5F-B6E2EB0CF667.0\DDBC1DC9. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_53D8D0B4-551E-468F-A074-D0BDAF2CAA46.0\EF4F6175. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_532F2658-8FBD-43B9-884B-352F4AA0FD57.0\E4B85B86. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_513C72F1-F61F-4EDB-A71E-4F21AF7CE21F.0\5A3EF520. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_4D13682A-4E80-4FC1-9BBE-9ADB544F5312.0\54588D25. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_4620E7A4-94A2-47CB-8C67-EE95F03BC34D.0\11F1A9AC. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_451DABEA-7286-4EDA-A085-D064EB9F67AB.0\FFD8EE95. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_3F995346-8CEA-4B05-A33B-6E1E8F74C6E9.0\5CC18459. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_3EB8C914-656D-4CE2-8E74-AA2586F79DAB.0\99326AA5. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_3BEBABBD-509E-4EA1-9080-98603E6CA4D2.0\69904D7A. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_3A1621FB-3577-4DD8-BC2D-327387528387.0\72F36A73. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_35508613-1FA4-4CBA-BF75-F68164953B6A.0\195F154A. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_2E420EF1-E910-465E-90FF-F15347FE8E38.0\7FAB3766. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_2AF297AA-2F15-4C23-8AB0-7803A2B4CE34.0\6686981E. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_2AA6E09B-4D79-4EF6-9BEF-92F17EB838E9.0\FFE4BA81. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_2A6327D1-4925-466D-9FD0-C835E71D749A.0\133DE61. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_2780D12E-40F8-44CF-A5FD-84EC222AE666.0\4BEBA7C8. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_271C930A-C2CF-45DD-BC13-32647328ED89.0\C8F58094. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_2500B303-514C-4F31-B08D-CC252EAE06D5.0\90D9E61E. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_20B677D3-B071-4514-A5BA-11FCE8BDEED6.0\7BA9F80. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_1E84C399-A3B1-4BE7-AEC3-0EB7DCCEF592.0\C7593A5E. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_192FD807-920D-4B70-BD3B-C8F9CAF0D593.0\A46BFCE5. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_18C26C0C-DC53-4E5C-BB74-0B529AB091E7.0\267F178D. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_15600481-3D5F-4D0C-B4C6-70382C9B862B.0\A1306758. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_1181DF6A-57B3-4C54-B39C-1FB6D7FB1007.0\BCDEB143. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_10F30C2D-99E2-42C3-846D-0EB68ACF4846.0\CAA35B92. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_107CA36F-23BE-4339-965F-73E452A32323.0\F26353E7. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_0F17AB46-D9F4-4B5E-B7EC-ADC759786DC7.0\72130C70. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_0D643D2D-13F6-4D1F-8DE3-37DD89D801CF.0\649D8855. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_08AE7BC2-6D65-4D3D-AB74-4C9C3B093A56.0\FA5047E8. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_085FF612-3109-46C2-BC26-FFC840273883.0\43AC2198. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_07D3E4AE-0727-4823-8002-E658B76019AF.0\BE559458. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_060B7DE0-5E0A-44D6-B039-448D48D3F024.0\315F6268. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_04B23B31-5E48-4230-B1B3-7FDA91471FE5.0\4F55C6AD. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\OICE_020C17D5-8816-4ACD-BF7E-A2A5A346B61C.0\FDBCF8C8. not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[10].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[11].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[1].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[2].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[3].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[4].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[5].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[6].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[7].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[8].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\ZP4KZ7JJ\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[9].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[10].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[11].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[1].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[2].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[3].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[4].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[5].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[6].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[7].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[8].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[9].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\SK9W700T\geview=homepage&viewwidth=0&viewheight=0&hastb=false&os=10&browser=12&fvers=10&ref=&iframe=0&screen_res=-1&ac=0&tz=1&tagid=ambient&owner=&specialtype=&adsize=¶ms[1].js not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[10].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[11].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[1].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[2].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[3].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[4].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[5].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[6].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[7].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[8].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\GBTY2WL8\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[9].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[10].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[11].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[1].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[2].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[3].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[4].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[5].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[6].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[7].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[8].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\8.0%3B+Windows+NT+6.1%3B+WOW64%3B+Trident%2F4.0%3B+GTB7.0%3B+SLCC2%3B+.NET+CLR+2.0.50727%3B+.NET+CLR+3.5.30729%3B+.NET+CLR+ 3.0.30729%3B+Media+Center+PC+6.0%3B+.NET4[9].htm not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\C0J9U243\eight=0&hastb=false&os=10&browser=12&fvers=10&ref=&iframe=0&screen_res=-1&ac=0&tz=1&tagid=buster&busterid=40380&pageView=buster&owner=uim&specialtype=&adsize=¶ms[1].js not found! C:\Users\Julia Meyer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF1D21F36ACF4A5B78.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF223CBF43AF771B2A.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF24F15F6FC3F311BA.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF286B4CF6A7A2B567.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF2A7B1F2DB2777EE4.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF44EF700404FBD0A1.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF534D6F3F5EDE168F.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF56716A1B8BB73B38.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DF9B12B70B3CDDF2B2.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DFE8C0C8BE9D944DAD.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DFE992E1A37B78BD3B.TMP not found! File\Folder C:\Users\Julia Meyer\AppData\Local\Temp\~DFF14492C9E12FF5C8.TMP not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Der Upload der Datei MovedFiles.zip hat problemlos geklappt. Der Upload der Datei MovedFiles.zip hat problemlos geklappt. |
|
31.05.2013, 16:45
| #4 |
| /// Malware-holic | DirtyDecrypt hat Word-Dokumente infiziert also, ne entschlüsselungsmöglichkeit kennen wir momentan nicht, das Problem ist, wir finden kein Sample der Malware, was noch voll lauffähig ist, also bei denen die server noch funktionieren über die die Verschlüsselung wohl abläuft. versuchs mal mit dem shadow explorer: http://www.trojaner-board.de/115496-...erstellen.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.05.2013, 17:00
| #5 |
| | DirtyDecrypt hat Word-Dokumente infiziert Danke für die Antwort. Aber was sagt mir das jetzt? Ihr könnt also nichts machen, der Rechner bleibt infiziert? Was konntet ihr über die Logfiles rausfinden? Und wozu dient denn der shadow explorer? Doch offenbar, um Dateien wiederherzustellen... Meinst du damit, eine Version wiederherzustellen, bevor der Rechner infiziert war? |
|
31.05.2013, 18:31
| #6 |
| /// Malware-holic | DirtyDecrypt hat Word-Dokumente infiziert Hi, die Ransomware haben wir ja gelöscht. der Shadowexplorer kann, wenn die Schattenkopie aktiv ist, evtl. vorgängerversionen der betroffenen Files herstellen, also testen. Nicht jede verschlüsselung kann man knacken, man muss als pc besitzer auch sorgsam im Netz arbeiten, diese infektion kommt höchst warscheinlich von Pornoseiten, illegalen Streaminportalen wie Kinox.to etc bzw über Sicherheitslücken Wer da nicht sorgsam drauf achtet, und dann noch nicht mal Backups hatt, setzt sich leider einer immer größeren Gefahr aus.
__________________ --> DirtyDecrypt hat Word-Dokumente infiziert |
|
31.05.2013, 19:52
| #7 |
| | DirtyDecrypt hat Word-Dokumente infiziert Okay. Vielen Dank! |
|
31.05.2013, 19:57
| #8 |
| /// Malware-holic | DirtyDecrypt hat Word-Dokumente infiziert Wie gesagt, teste das erst mal, und evtl. finden wir ja noch mal n Trojaner, mit dem wir das vernünftig nachstellen können, es ist ja bisher noch kein entgültiges Ergebniss zu vermelden :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu DirtyDecrypt hat Word-Dokumente infiziert |
| 7-zip, appdata, avg secure search, cracker, dirtydecrypt, erhalte, eset smart security, experte, experten, fehlermeldung, files, gmer-scan, infiziert, install.exe, ip-hilfsdienst, liebe, local, microsoft office starter 2010, msiinstaller, not, plug-in, program, roaming, secure search, users, vtoolbarupdater, worddateien |
Textbox. 
Linear-Darstellung
