
Pests of all kinds and how to combat them: Removing CouponDropDown malware


24.04.2013, 17:57   #1
survivachick
 



Hello community,

I'm new here and my PC skills are rather basic, so I need help, please. Like several users before me, I have the problem that in the Chrome and Firefox browsers all sorts of words are suddenly highlighted in blue and CouponDropDown banners are displayed at every turn. A virus scan unfortunately turned up nothing, and unfortunately nothing can be found in the browsers' add-ons/extensions either. I have already carried out the steps in "Für alle Hilfesuchenden..." and am posting the log files (OTL, Extras, GMER) here in an archive

24.04.2013, 18:24   #2
aharonov
/// TB trainer
 



Hi,

could you please not attach your log files (that makes evaluating them massively harder for me), but instead paste their contents directly inside code tags: [code]log file contents[/code]. Thanks.

24.04.2013, 18:40   #3
survivachick
 



OTL
Code:
OTL logfile created on: 24.04.2013 16:18:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 22,24% Memory free
7,93 Gb Paging File | 3,92 Gb Available in Paging File | 49,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 235,92 Gb Free Space | 51,73% Space Free | Partition Type: NTFS
 
Computer Name: MARLENE-VAIO | User Name: Marlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.24 16:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marlene\Desktop\OTL.exe
PRC - [2013.04.19 14:07:27 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Marlene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.31 01:52:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.31 01:52:26 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.31 01:52:26 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.18 22:12:12 | 007,366,656 | ---- | M] (Google Inc.) -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marlene\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.07 17:31:48 | 019,357,112 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Marlene\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.23 17:02:11 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012.12.16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012.12.03 20:35:00 | 001,044,320 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.11.29 21:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.11.16 15:59:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.26 16:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012.09.26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.21 16:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010.05.07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.21 12:32:44 | 002,089,472 | ---- | M] () -- C:\Program Files (x86)\FeedReader30\feedreader.exe
PRC - [2009.07.01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.07.01 11:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.24 16:05:56 | 001,175,040 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\wx._core_.pyd
MOD - [2013.04.24 16:05:56 | 001,153,024 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\_ssl.pyd
MOD - [2013.04.24 16:05:56 | 001,022,416 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\windows._cacheinvalidation.pyd
MOD - [2013.04.24 16:05:56 | 000,805,888 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\wx._gdi_.pyd
MOD - [2013.04.24 16:05:56 | 000,735,232 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\wx._misc_.pyd
MOD - [2013.04.24 16:05:56 | 000,557,056 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\pysqlite2._sqlite.pyd
MOD - [2013.04.24 16:05:56 | 000,364,544 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\pythoncom27.dll
MOD - [2013.04.24 16:05:56 | 000,320,512 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32com.shell.shell.pyd
MOD - [2013.04.24 16:05:56 | 000,128,512 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\_elementtree.pyd
MOD - [2013.04.24 16:05:56 | 000,110,080 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\pywintypes27.dll
MOD - [2013.04.24 16:05:56 | 000,108,544 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32security.pyd
MOD - [2013.04.24 16:05:56 | 000,098,816 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32api.pyd
MOD - [2013.04.24 16:05:56 | 000,087,040 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\_ctypes.pyd
MOD - [2013.04.24 16:05:56 | 000,070,656 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\wx._html2.pyd
MOD - [2013.04.24 16:05:56 | 000,044,032 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\_socket.pyd
MOD - [2013.04.24 16:05:56 | 000,035,840 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32process.pyd
MOD - [2013.04.24 16:05:56 | 000,025,600 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32pdh.pyd
MOD - [2013.04.24 16:05:56 | 000,022,528 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32ts.pyd
MOD - [2013.04.24 16:05:56 | 000,017,408 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32profile.pyd
MOD - [2013.04.24 16:05:56 | 000,011,264 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32crypt.pyd
MOD - [2013.04.24 16:05:55 | 001,062,400 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\wx._controls_.pyd
MOD - [2013.04.24 16:05:55 | 000,811,008 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\wx._windows_.pyd
MOD - [2013.04.24 16:05:55 | 000,711,680 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\_hashlib.pyd
MOD - [2013.04.24 16:05:55 | 000,686,080 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\unicodedata.pyd
MOD - [2013.04.24 16:05:55 | 000,127,488 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\pyexpat.pyd
MOD - [2013.04.24 16:05:55 | 000,122,368 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\wx._wizard.pyd
MOD - [2013.04.24 16:05:55 | 000,119,808 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32file.pyd
MOD - [2013.04.24 16:05:55 | 000,038,912 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32inet.pyd
MOD - [2013.04.24 16:05:55 | 000,018,432 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\win32event.pyd
MOD - [2013.04.24 16:05:55 | 000,010,240 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Temp\_MEI8682\select.pyd
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.03.18 22:01:08 | 000,344,064 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013.03.18 22:00:52 | 000,231,936 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013.03.18 22:00:26 | 000,253,440 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013.03.18 22:00:14 | 000,117,248 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013.02.27 21:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013.02.27 21:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013.02.27 21:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013.02.27 21:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013.02.27 21:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012.11.29 21:36:06 | 000,060,928 | ---- | M] () -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll
MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.08.21 16:56:40 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
MOD - [2010.01.21 12:32:44 | 002,089,472 | ---- | M] () -- C:\Program Files (x86)\FeedReader30\feedreader.exe
MOD - [2010.01.20 16:55:46 | 000,222,720 | ---- | M] () -- C:\Program Files (x86)\FeedReader30\theme.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.11.16 22:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.12 18:32:16 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.04.19 19:15:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.11 21:23:33 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.31 01:52:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.31 01:52:26 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.20 12:05:37 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2012.12.16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.04.16 00:26:55 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.01.12 18:36:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 18:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.10.25 17:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.10.25 17:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.10.12 15:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 15:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.27 15:13:22 | 000,312,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2010.09.10 08:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 08:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.05.07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.22 18:59:28 | 000,190,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2010.02.09 11:19:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.07.16 09:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.26 11:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.06.26 11:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.31 01:52:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.31 01:52:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.31 01:52:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.12 23:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012.11.16 23:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.11.16 23:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.11.16 21:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.10.10 18:30:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.09.26 16:47:21 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.09.26 16:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.09.19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.28 09:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.04.27 20:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.04.10 14:40:24 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.05 03:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.08.05 03:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.03 22:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.31 22:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.31 22:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.31 22:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.07.31 22:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.30 22:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.30 22:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.30 22:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.30 22:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.24 07:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.11 22:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 22:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.06.25 10:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus)
DRV:64bit: - [2007.04.16 20:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2012.03.26 10:35:52 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\klhbyp.sys -- (csjutuvz)
DRV - [2010.03.27 14:46:49 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\qdnz.sys -- (nmvc)
DRV - [2010.03.27 14:41:48 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\lmaompmd.sys -- (pfygbh)
DRV - [2010.03.27 14:36:32 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\oztdm.sys -- (jbsbhdm)
DRV - [2010.03.27 14:30:42 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\dkerbyt.sys -- (isom)
DRV - [2010.03.26 22:33:26 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\ikppmb.sys -- (wivbwxx)
DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=3ef306280000000000000024d63d6df7&tlver=1.4.19.19&affID=18607
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100518084229550&tb_oid=18-05-2010&tb_mrud=18-09-2010
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKWO50020&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b85d87714-89f9-4774-971d-2ea08f608710%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=1bccf8d7-c51f-4cd6-ad4d-580aefefd29a&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=1bccf8d7-c51f-4cd6-ad4d-580aefefd29a&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 43 FD 50 A5 36 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=1bccf8d7-c51f-4cd6-ad4d-580aefefd29a&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=1bccf8d7-c51f-4cd6-ad4d-580aefefd29a&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=GB&userid=1bccf8d7-c51f-4cd6-ad4d-580aefefd29a&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKWO50020&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b85d87714-89f9-4774-971d-2ea08f608710%7d&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_3_&babsrc=SP_ss&mntrId=3ef3062800000000000000ff5bc319b8
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=3ef306280000000000000024d63d6df7&tlver=1.4.19.19&affID=18607
IE - HKCU\..\SearchScopes\{35F0D6E8-7CB3-4667-8E1A-C229DDE1121F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A50E9546-7136-463A-85AB-39160F24ED76}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=85.115.34.240:8089
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B469CEB59-8266-438b-91D9-82F56D595E15%7D:1.19
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.10
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.6.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.7
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledItems: {333b42b0-9c75-11db-b606-0800200c9a66}:2.200100126
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..keyword.keywordURL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - prefs.js..network.proxy.http: "204.131.46.200"
FF - prefs.js..network.proxy.http_port: 8000
 
FF - user.js..browser.search.selectedEngine: "Suche"
FF - user.js..browser.search.order.1: "Suche"
FF - user.js..browser.search.defaultenginename: "Suche"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marlene\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marlene\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4fd8f19ec2048@4fd8f19ec2081.info: C:\Users\Marlene\AppData\Roaming\Mozilla\Firefox\Profiles\zdtpek6b.default\extensions\4fd8f19ec2048@4fd8f19ec2081.info
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.25 19:31:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.21 01:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.24 15:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 11:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.05 11:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 11:41:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.05 11:41:41 | 000,000,000 | ---D | M]
 
[2010.02.04 11:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\Extensions
[2010.01.08 15:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.18 09:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions
[2010.02.04 11:37:47 | 000,000,000 | ---D | M] (PinkHope) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}
[2010.03.18 21:34:12 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2013.02.23 19:19:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.11 21:04:15 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.04.18 09:35:32 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions\addon@freecorder.com
[2010.02.04 11:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions
[2010.02.04 11:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\Firefox\Profiles\zdtpek6b.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\extensions\CVS
[2013.03.18 12:07:08 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.04.18 09:00:53 | 000,215,824 | ---- | M] () (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\extensions\pinterest-addon@felixfung.ca.xpi
[2012.12.15 22:40:31 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.04.11 21:04:16 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2008.02.08 07:47:30 | 000,001,204 | ---- | M] () (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallConfirm.css
[2008.01.27 19:53:20 | 000,001,812 | ---- | M] () (No name found) -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png
[2011.03.17 00:56:18 | 000,002,198 | ---- | M] () -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\searchplugins\google-search.xml
[2013.01.16 21:48:17 | 000,006,362 | ---- | M] () -- C:\Users\Marlene\AppData\Roaming\mozilla\firefox\profiles\zdtpek6b.default\searchplugins\Google.xml
[2013.04.24 15:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.21 01:37:03 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marlene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marlene\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Marlene\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: phonostar Detector (Enabled) = C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Theme Creator = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
CHR - Extension: Tampermonkey = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124.188_0\
CHR - Extension: Pixlr-o-matic = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: Pinterest button = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl\6.4_0\
CHR - Extension: Freecorder = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.13_0\
CHR - Extension: RealDownloader = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Cork Board = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Marlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.12_0\
 
O1 HOSTS File: ([2012.07.22 19:24:53 | 000,002,385 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com      
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 26 more lines...
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Marlene\AppData\Roaming\xplugin\toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Marlene\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [antivir] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files (x86)\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [MusicManager] C:\Users\Marlene\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Marlene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marlene\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marlene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\Marlene\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Marlene\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marlene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Marlene\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Marlene\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B9B565C-06D3-446B-9A57-80B91D0C36EB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B9B565C-06D3-446B-9A57-80B91D0C36EB}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{41eb9643-4b3f-11e0-9ee6-60380e06200a}\Shell - "" = AutoRun
O33 - MountPoints2\{41eb9643-4b3f-11e0-9ee6-60380e06200a}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{41eb9652-4b3f-11e0-9ee6-60380e06200a}\Shell - "" = AutoRun
O33 - MountPoints2\{41eb9652-4b3f-11e0-9ee6-60380e06200a}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a9da6526-ecd8-11e0-a43c-a2398adbf7d0}\Shell - "" = AutoRun
O33 - MountPoints2\{a9da6526-ecd8-11e0-a43c-a2398adbf7d0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{d89d4343-4b2a-11e1-96f5-ce4d29c399d8}\Shell - "" = AutoRun
O33 - MountPoints2\{d89d4343-4b2a-11e1-96f5-ce4d29c399d8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{ebcb9ad3-f859-11de-8647-60380e06200a}\Shell - "" = AutoRun
O33 - MountPoints2\{ebcb9ad3-f859-11de-8647-60380e06200a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.24 16:17:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marlene\Desktop\OTL.exe
[2013.04.24 11:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.24 11:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.24 11:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2013.04.21 21:17:06 | 000,000,000 | ---D | C] -- C:\Users\Marlene\AppData\Roaming\Canneverbe Limited
[2013.04.21 21:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.04.21 21:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013.04.21 20:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2013.04.21 20:14:57 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2013.04.21 20:14:57 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2013.04.21 20:14:57 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2013.04.21 20:14:57 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2013.04.21 20:14:57 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2013.04.21 20:14:56 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2013.04.21 20:14:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2013.04.21 20:14:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2013.04.21 20:14:53 | 000,000,000 | ---D | C] -- C:\Users\Marlene\AppData\Roaming\FreeAudioPack
[2013.04.18 10:21:55 | 000,000,000 | ---D | C] -- C:\Users\Marlene\AppData\Local\Freecorder 7 Audio
[2013.04.18 09:46:16 | 000,000,000 | ---D | C] -- C:\Users\Marlene\AppData\Roaming\Freecorder 7 Audio
[2013.04.18 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\Marlene\AppData\Local\Jaksta_Technologies_Pty_L
[2013.04.18 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\Marlene\Documents\Freecorder
[2013.04.18 09:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2013.04.18 09:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freecorder extension
[2013.04.13 19:03:47 | 000,000,000 | ---D | C] -- C:\Users\Marlene\AppData\Roaming\Adobe
[2013.04.12 20:53:02 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013.04.11 21:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 16:25:24 | 000,000,000 | ---D | C] -- C:\Users\Marlene\Desktop\multidownload
[2013.04.10 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jpg2Pdf
[2013.04.10 17:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jpg2Pdf
[2013.04.05 11:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.03 21:16:37 | 000,000,000 | ---D | C] -- C:\Users\Marlene\AppData\Local\Adobe
[2013.04.03 09:12:58 | 000,000,000 | ---D | C] -- C:\Users\Marlene\Desktop\House+
[2013.03.31 01:52:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.31 01:52:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.31 01:52:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.27 11:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.24 16:22:41 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.24 16:20:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 16:20:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 16:18:14 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1246306634-2538792061-1306620866-1000UA.job
[2013.04.24 16:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marlene\Desktop\OTL.exe
[2013.04.24 16:05:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.24 16:04:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 16:04:21 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 16:02:16 | 000,000,020 | ---- | M] () -- C:\Users\Marlene\defogger_reenable
[2013.04.24 16:01:51 | 000,050,477 | ---- | M] () -- C:\Users\Marlene\Desktop\Defogger.exe
[2013.04.24 15:48:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 14:26:48 | 012,917,756 | ---- | M] () -- C:\Users\Marlene\Desktop\mbar-1.05.0.1001.zip
[2013.04.21 19:53:33 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.21 19:53:33 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.21 19:53:33 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.21 19:53:33 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.21 19:53:33 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.20 13:17:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1246306634-2538792061-1306620866-1000Core.job
[2013.04.19 19:05:04 | 003,385,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.18 08:49:19 | 005,422,798 | ---- | M] () -- C:\Users\Marlene\Desktop\2.psd
[2013.04.18 08:48:14 | 000,001,456 | ---- | M] () -- C:\Users\Marlene\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2013.04.15 08:02:51 | 000,015,735 | -H-- | M] () -- C:\Users\Marlene\Desktop\house.s06e06.dvdrip.xvid-reward.AVI.mta
[2013.04.12 20:53:02 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013.03.31 01:52:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.31 01:52:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.31 01:52:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.30 11:58:39 | 000,001,055 | ---- | M] () -- C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 00:26:47 | 002,802,310 | ---- | M] () -- C:\Users\Marlene\Desktop\lydia.psd
[2013.03.29 00:24:30 | 000,000,132 | ---- | M] () -- C:\Users\Marlene\AppData\Roaming\Adobe PNG Format CS5 Prefs
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.24 16:02:15 | 000,000,020 | ---- | C] () -- C:\Users\Marlene\defogger_reenable
[2013.04.24 16:01:48 | 000,050,477 | ---- | C] () -- C:\Users\Marlene\Desktop\Defogger.exe
[2013.04.24 15:48:28 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.24 14:25:47 | 012,917,756 | ---- | C] () -- C:\Users\Marlene\Desktop\mbar-1.05.0.1001.zip
[2013.04.21 20:14:57 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2013.04.21 20:14:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013.04.16 18:20:25 | 005,422,798 | ---- | C] () -- C:\Users\Marlene\Desktop\2.psd
[2013.04.15 08:02:51 | 000,015,735 | -H-- | C] () -- C:\Users\Marlene\Desktop\house.s06e06.dvdrip.xvid-reward.AVI.mta
[2013.03.30 11:58:39 | 000,001,055 | ---- | C] () -- C:\Users\Marlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.27 01:10:03 | 002,802,310 | ---- | C] () -- C:\Users\Marlene\Desktop\lydia.psd
[2013.01.31 12:45:28 | 000,000,132 | ---- | C] () -- C:\Users\Marlene\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2013.01.26 13:26:21 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.25 14:38:21 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.25 14:38:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.11.16 22:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.16 22:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.09 18:49:09 | 000,000,234 | ---- | C] () -- C:\Users\Marlene\.swfinfo
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.26 10:35:52 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\klhbyp.sys
[2012.03.18 17:00:36 | 007,686,204 | ---- | C] () -- C:\Users\Marlene\obama_speech.pdf
[2012.03.18 17:00:02 | 000,792,585 | ---- | C] () -- C:\Users\Marlene\obamaen.pdf
[2011.10.18 11:40:08 | 000,001,456 | ---- | C] () -- C:\Users\Marlene\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2011.09.27 20:36:45 | 000,000,116 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.01 10:54:16 | 000,000,132 | ---- | C] () -- C:\Users\Marlene\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.08.25 00:27:06 | 000,000,132 | ---- | C] () -- C:\Users\Marlene\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.27 00:03:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.04.08 13:34:49 | 000,045,056 | ---- | C] () -- C:\Users\Marlene\AppData\Roaming\chrtmp
[2010.03.03 11:06:44 | 000,004,096 | RH-- | C] () -- C:\Users\Marlene\AppData\Local\keyfile3.drm
[2010.01.11 00:15:05 | 000,003,584 | R--- | C] () -- C:\Users\Marlene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.28 19:30:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.28 19:28:27 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2009.12.27 15:52:34 | 000,000,094 | ---- | C] () -- C:\Users\Marlene\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.07.02 17:31:17 | 000,000,000 | -HSD | M] -- C:\Users\Marlene\AppData\Roaming\.#
[2012.09.24 11:52:49 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\111 Pix Ltd
[2010.05.18 10:42:28 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\acccore
[2013.04.24 14:50:10 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Ad-Aware Antivirus
[2013.01.23 17:02:42 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\AnvSoft
[2011.04.05 22:32:06 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Apowersoft
[2010.11.14 10:24:02 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Audacity
[2010.01.06 23:17:21 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Audio Recorder for Free
[2011.01.09 02:12:43 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\BitComet
[2011.04.05 22:58:12 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\BITS
[2012.03.18 17:07:36 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\BitTorrent
[2013.04.21 21:17:06 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Canneverbe Limited
[2010.03.26 01:13:55 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\CleanMyPC Software
[2010.02.06 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\com.adobe.ExMan
[2012.04.20 18:00:58 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\DAEMON Tools Lite
[2010.02.16 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\dataWeb
[2011.04.05 22:42:29 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\DonationCoder
[2013.04.24 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Dropbox
[2013.01.07 13:49:11 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\DVDVideoSoft
[2013.04.24 14:09:06 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Feedreader by netzwelt
[2010.03.11 16:12:44 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\FireShot
[2011.04.05 22:58:04 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\FlashGet
[2011.04.05 22:58:00 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\FlashGetBHO
[2012.11.05 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\FM Software Studio
[2013.04.24 14:09:06 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\FreeAudioPack
[2013.04.18 09:46:16 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Freecorder 7 Audio
[2010.01.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\GetRightToGo
[2010.03.10 10:09:39 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\GrabPro
[2010.09.18 14:42:30 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\ICQ
[2010.04.17 13:33:00 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\inkscape
[2009.12.28 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\InterVideo
[2012.09.28 10:22:33 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\MCMPEGEnc
[2010.04.01 15:29:56 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\MessengerGadget
[2011.01.01 17:44:46 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\MP3Find
[2011.06.19 13:09:01 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\NCH Swift Sound
[2013.04.24 14:09:07 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\OpenCandy
[2010.05.05 14:05:54 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\OpenOffice.org
[2010.01.26 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Opera
[2011.09.18 19:10:56 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Orbit
[2012.10.04 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\pdf995
[2010.03.05 01:07:44 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\phonostar GmbH
[2011.10.24 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\PhotoScape
[2010.01.22 18:37:24 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\PrimoPDF
[2011.09.18 14:45:41 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\ProgSense
[2010.04.23 23:32:03 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Publish Providers
[2010.03.18 13:15:35 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Recordpad
[2012.04.03 08:47:04 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Samsung
[2012.06.13 22:07:04 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\SendSpace
[2011.08.02 00:58:54 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Simfy
[2010.07.25 02:38:14 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Software Informer
[2011.08.25 00:57:27 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Sony
[2013.04.21 21:10:28 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Spotify
[2010.04.10 14:49:38 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2012.04.20 20:03:02 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Systweak
[2010.08.04 00:02:02 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\TeamViewer
[2009.12.27 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Template
[2010.01.08 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Thunderbird
[2012.01.23 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Tobit
[2011.04.16 00:23:20 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\TuneUp Software
[2011.11.04 18:52:15 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.11.17 00:25:25 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\UDC Profiles
[2010.04.01 01:24:48 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\UNOUndercover
[2013.04.03 00:20:43 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\uTorrent
[2012.11.17 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\VS Revo Group
[2013.01.16 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\Windows Live Writer
[2013.04.24 14:09:07 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\xplugin
[2010.05.08 13:33:41 | 000,000,000 | ---D | M] -- C:\Users\Marlene\AppData\Roaming\XWindows Dock
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >

Alt 24.04.2013, 18:41   #4
survivachick
 

I'll do it in two posts, because the forum tells me the messages are too long!

Alt 24.04.2013, 18:42   #5
survivachick
 

Extras
Code:
OTL Extras logfile created on: 24.04.2013 16:18:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marlene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 22,24% Memory free
7,93 Gb Paging File | 3,92 Gb Available in Paging File | 49,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 235,92 Gb Free Space | 51,73% Space Free | Partition Type: NTFS
 
Computer Name: MARLENE-VAIO | User Name: Marlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1591C6AF-FBEC-4BC0-AEA3-700069329C35}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1A245517-8A44-4548-8CD4-5C0BAEF4ACC1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{23169B61-F7EE-4B9E-B34C-33295E9A7019}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{43E54AAD-C54D-43DA-8877-1BEF16F7EBF1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{46F4E4F8-4796-4E9D-B323-57B52504B698}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5FC25FBD-6D7B-4497-822E-578A74A465C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7421A709-50CF-4BD2-BFE8-F12D10A4D46A}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{7C684C46-A37E-4D67-A104-DBFF3D2C5E8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8DFBC034-3CB2-423D-B0D5-722CC6DB2C8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93543556-6DFA-43FA-A654-4D92892BD470}" = lport=138 | protocol=17 | dir=in | app=system | 
"{975203AD-8ED6-43D1-8771-8C1DF0B08CFC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9BBF6A13-D7F5-4ED7-8233-E16EF36EF616}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B1F61820-97B1-4BDA-A7DE-599362C005B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C3BD29D0-E976-401C-9560-B5D6454F42DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C61345AB-5090-4ECE-8765-2EE5F1F890AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CC802947-7EBC-4E6A-8D88-D57CF3025973}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D6279EB7-D0A6-4D6C-8B39-AFB7ABE2EABD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7CC3C1E-1863-46DB-9C9E-36AE7B11F0AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FEE528A8-F74B-4D9A-B2B7-5C3EC7286F01}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033CCAC5-CC6D-491A-98D0-FAA5C98F335E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{133B29B4-3F5B-4231-9C17-0D4BB99BEC83}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{2A03A237-B018-4B22-AF0F-7F85A126C71C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{2C67E580-AFB2-401F-97DA-646237908002}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{30447664-C0DA-4D64-95C1-A91BF414D9B4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4340CA20-FAC3-40E0-9892-1727EE74C358}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{4A098DB4-7108-4F54-BD5C-BD3439842427}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4A87DA24-BA19-4038-971C-C46F32D0B583}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{59BBCCB3-6737-4DDE-B986-B2468C959712}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{5BAD46B6-610C-4C9B-8891-E35612784B0A}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{5DD706F3-51A6-46CC-87CD-723E2FCA7914}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{60B1D77C-F11C-4F8D-8763-CD3F46CC61B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{65F510CB-5F71-4FE4-A16C-53401B26F758}" = protocol=17 | dir=in | app=c:\users\marlene\appdata\roaming\dropbox\bin\dropbox.exe | 
"{665A179F-CDC6-43DB-B3E0-D83153A6D9E0}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{6ACC87BD-6677-46D0-8FBB-B90D08EE2E50}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6C262686-0BCE-44E5-963F-6BAE315E40E1}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{6C7BD859-4198-4B9F-B517-3C994A658124}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{6E12C1B0-9BAA-4A60-AE31-47954B352F4A}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareslideshowservice.exe | 
"{71A8BC2A-CDBA-453C-A3B0-EBE7C99A9E08}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{797DB39D-D261-417B-9365-D9712F931478}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{7FEE6F21-3585-4A3A-9402-06A5A76B9B51}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{85E4BE6D-C2BB-44D7-A8B7-0B2E52C9F3D5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{89F12587-4D7E-48DF-8FAC-119715A04B8D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8C892BAD-B248-4033-B9CB-2DA355BA9C3C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8D1A69A1-BB27-4692-AEE0-E817DAA7E17A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{910FF338-0B69-46D1-83F8-2CC28F4C9B8F}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{95A18DC2-758C-43BD-AEEA-90AFC0BD0274}" = protocol=6 | dir=in | app=c:\users\marlene\appdata\roaming\dropbox\bin\dropbox.exe | 
"{974FC643-FF67-46EC-82F0-F06EB3EA6E11}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{97B2B97D-BDF7-4681-BCB0-D5B007860C72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9A8118EE-537B-4FEC-B860-90612E0B537F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B1D023F-4A7B-44AA-B042-C9221EC5F5E6}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{A0A1267D-757F-4726-AC56-A537433EF12E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B283D250-21C4-461D-8130-A2F0F8E7D4F0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{B3738782-7646-4E82-B91B-D1C8C6E830DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B7410633-4905-4C61-87FB-68BBFA766064}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{BD05EFB5-C322-4232-91A8-88F94DA96178}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{C659BB77-2AF9-4018-B508-68EE9C2E966A}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{D852C0DC-75A6-4D03-BD24-B42AF473038B}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareslideshowservice.exe | 
"{D9CF547C-93B5-445E-BF70-6121FEB5D45B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E79F5D23-2189-4EB6-A715-1871D62B9AF3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F7EA5671-8FEA-4ED2-AB12-E507A5975E47}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{04E685BF-14A4-4CA6-9E00-B626813CE1C4}C:\users\marlene\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\marlene\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{0BB5D154-5B95-45B1-9740-C9655AF247C6}C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe | 
"TCP Query User{0E773A35-4E32-4058-8158-22091D985A2E}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{116C7464-1731-441C-80C4-800E3C140091}C:\users\marlene\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marlene\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{18FDFABD-6FE8-463B-BEAF-0D4DB7B027DB}C:\users\marlene\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\marlene\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{30394D63-C70C-429C-9C82-6BF2AAF2731F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{43B71B59-9972-4887-8353-8A2D2C085DA1}C:\users\marlene\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\marlene\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{45432066-9C17-4DA7-BA33-D88B5DDBFA64}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{484E3D1B-D9D1-4CC5-8824-76169582B5F6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{51E2937D-8212-4E24-BD26-E787B3C94B99}C:\program files (x86)\spssinc\spss16de\spss.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spssinc\spss16de\spss.exe | 
"TCP Query User{59D03086-9E39-4BC6-BCA3-2350C0F69537}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe | 
"TCP Query User{7B5502EE-841B-44E3-A3A5-3F8F0C27B228}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{891827A2-E010-4019-87D1-B95F2B845CDF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{8B09CD65-3CFC-40CC-8706-0A44204ABC14}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | 
"TCP Query User{A1AE8DC9-5A0E-4E63-8E13-322FC7A2C002}I:\spiele\midnight club 2\mc2_demo.exe" = protocol=6 | dir=in | app=i:\spiele\midnight club 2\mc2_demo.exe | 
"TCP Query User{A4A135B8-087C-49CE-9163-4205812B6F4B}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{C0B9CE1B-3934-45F1-8B50-38F364B76A4C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{EC39B62C-4D26-49E1-9F84-E5EFBD06F84A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{F4E83B21-998E-4F24-BAFD-499F980D807E}C:\users\marlene\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\marlene\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{FE083205-C61C-4C0A-BE42-3D566AA477FA}C:\users\marlene\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marlene\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{FE8D8F53-4A0D-4E62-B124-66B6CFD78231}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe | 
"UDP Query User{009BE188-36C9-4F52-A19B-4D81D00E6688}C:\users\marlene\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marlene\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{091AF075-F185-41FB-940D-09E20455D192}C:\users\marlene\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marlene\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{12029F65-F284-4EC4-8A2F-5A3F2DDE86F5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{13E62C7F-21A7-4144-A7CB-8A2322C0CA97}I:\spiele\midnight club 2\mc2_demo.exe" = protocol=17 | dir=in | app=i:\spiele\midnight club 2\mc2_demo.exe | 
"UDP Query User{3CFA9099-0277-423A-9820-293538627EBE}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{4049BAD8-470A-4CF7-B289-773B54AF67AC}C:\users\marlene\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\marlene\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{44C408EC-3D45-4469-85E3-EF9F80C801F8}C:\program files (x86)\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonostar-player\phonostar.exe | 
"UDP Query User{56C0C0D6-A828-4255-BE08-792C309DC2EA}C:\users\marlene\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\marlene\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{67DBCA77-F695-4EA6-8C18-12987F59332D}C:\users\marlene\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\marlene\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{6FDCD7E5-F229-44B9-ABF0-F8E59493DBB7}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{79AF01E0-29A7-40B0-A500-8E5A509E2AE7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8A14B8CF-018A-422C-83FA-8515381459D3}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe | 
"UDP Query User{8ADA4A16-AEF0-4D3A-AA24-73935E648C95}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{9C54B9B6-F6D4-47D1-BC29-91947F7F9DE0}C:\users\marlene\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\marlene\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{B6EBEC36-BEE6-4932-ACF5-6FCD89F9DD8F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{BF277257-4CCA-4339-A8B0-4CF7B86ABE2D}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe | 
"UDP Query User{CB0A4D90-9BCC-4175-A3ED-BBE93A9F5609}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{E1BA7ED6-C6A1-41CF-9467-840DE77F3690}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{E9D3A665-B083-4610-A368-915A6DCD4BF0}C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe | 
"UDP Query User{F0076F46-B3BB-431A-8B9B-3BCA6195CD94}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{F45AE1F9-2890-49B3-B267-68BB16A6F1E3}C:\program files (x86)\spssinc\spss16de\spss.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spssinc\spss16de\spss.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BB352E1-9FA5-46BD-8563-C6BE71571545}" = AAV ColorLab 64-bit 1.0.10.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F42AB02-6626-45DE-AA69-E141FDB82CDF}" = Vegas Pro 9.0 (64-bit)
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7FD0FD0D-AC40-A3BF-F2D4-54EFEDB0008F}" = AMD Drag and Drop Transcoding
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{98C0896D-2367-4D73-A4D1-8A04E83B0828}" = Setup_VEP_x64_Contain_SSDB_VCSW
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{F8B40DB4-FD07-4368-AA57-34F2B0839683}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{127C8955-B5C5-4682-9428-B8243EC4E6AE}" = Remote Play with PlayStation 3
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C2A6871-98A5-4840-86C5-7D56B5FFD69E}" = HPpromotions
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{533D415A-4151-4AC5-858E-4068524C8051}_is1" = Jpg2Pdf version 1.2
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur 
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{75B60FC6-78E1-4DA5-A48A-4ECDF4A90B00}" = SmartViewer 16G
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-008A-0407-0000-0000000FF1CE}" = Microsoft Office 2007-Minianwendung für zuletzt verwendete Dokumente
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{99A89BD2-21DF-43EB-9024-9A4040F167F5}" = SPSS 16.0 für Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DA54D3F7-4915-1A37-7EA8-2741F05B77AC}" = HydraVision
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DD980D24-1240-4052-A5F7-411786C36AC8}" = Remote Keyboard
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Ant Renamer 2_is1" = Ant Renamer
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ExpressBurn" = Express Burn
"FeedReader_is1" = FeedReader
"ffdshow_is1" = ffdshow v1.2.4499 [2013-01-04]
"Font Xplorer" = Font Xplorer 1.2.2 
"FormatFactory" = FormatFactory 3.0.1
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.21.1212
"Freecorder 7 Applications" = Freecorder 7 Applications (7.0.0.48)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Chrome" = Freecorder extension for Chrome
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.71 Lite_is1" = GPL Ghostscript 8.71 Lite
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.0 (Full)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"MarketingTools" = VAIO Marketing Tools
"Messenger Plus!" = Messenger Plus!
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"MFU Module" = 
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.6
"RealPlayer 16.0" = RealPlayer
"Recordpad" = RecordPad Sound Recorder
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"Software Informer_is1" = Software Informer 1.0 BETA
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"splashtop" = VAIO Quick Web Access
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SWFPlayer_is1" = SWFPlayer 2.6.2.0
"Switch" = Switch Sound File Converter
"TeamViewer 5" = TeamViewer 5
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"VAIO Help and Support" = 
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"VLC media player" = VLC media player 2.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"x-plugin-0" = x-plugin-0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MusicManager" = Music Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2013 10:03:30 | Computer Name = Marlene-VAIO | Source = MsgPlusService | ID = 0
Description = 
 
Error - 24.04.2013 10:15:04 | Computer Name = Marlene-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 26.0.1410.64 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: bcc    Startzeit: 
01ce40f4e51ca4fe    Endzeit: 47    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 553ed507-ace9-11e2-8fd4-60380e06200a  
 
Error - 24.04.2013 10:16:48 | Computer Name = Marlene-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 26.0.1410.64 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1b14    Startzeit:
 01ce40f61ff76635    Endzeit: 41    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 988f1c4a-ace9-11e2-8fd4-60380e06200a  
 
Error - 24.04.2013 10:19:08 | Computer Name = Marlene-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 26.0.1410.64 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1a48    Startzeit:
 01ce40f65c9233e2    Endzeit: 21    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 eb0b6e3b-ace9-11e2-8fd4-60380e06200a  
 
Error - 24.04.2013 10:19:08 | Computer Name = Marlene-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 26.0.1410.64,
 Zeitstempel: 0x5163bfb1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x752b4f0d  ID des fehlerhaften
 Prozesses: 0x10e0  Startzeit der fehlerhaften Anwendung: 0x01ce40f68a546f48  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: ecfa2619-ace9-11e2-8fd4-60380e06200a
 
Error - 24.04.2013 10:20:30 | Computer Name = Marlene-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 26.0.1410.64 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1dcc    Startzeit:
 01ce40f6af51d15f    Endzeit: 12    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 1c7143d5-acea-11e2-8fd4-60380e06200a  
 
Error - 24.04.2013 10:20:30 | Computer Name = Marlene-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 26.0.1410.64,
 Zeitstempel: 0x5163bfb1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x752b4f0d  ID des fehlerhaften
 Prozesses: 0x1aa0  Startzeit der fehlerhaften Anwendung: 0x01ce40f6b73f0c36  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1d9380f4-acea-11e2-8fd4-60380e06200a
 
Error - 24.04.2013 10:22:58 | Computer Name = Marlene-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 26.0.1410.64 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 192c    Startzeit:
 01ce40f6e19efd1d    Endzeit: 18    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 7490ff19-acea-11e2-8fd4-60380e06200a  
 
Error - 24.04.2013 10:22:58 | Computer Name = Marlene-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 26.0.1410.64,
 Zeitstempel: 0x5163bfb1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x752b4f0d  ID des fehlerhaften
 Prozesses: 0xdd8  Startzeit der fehlerhaften Anwendung: 0x01ce40f728e7415f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 75f4da0e-acea-11e2-8fd4-60380e06200a
 
Error - 24.04.2013 10:24:08 | Computer Name = Marlene-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 26.0.1410.64 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 534    Startzeit: 
01ce40f73a14a1d3    Endzeit: 37    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 9e5522e8-acea-11e2-8fd4-60380e06200a  
 
Error - 24.04.2013 10:24:08 | Computer Name = Marlene-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 26.0.1410.64,
 Zeitstempel: 0x5163bfb1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x752b4f0d  ID des fehlerhaften
 Prozesses: 0xbcc  Startzeit der fehlerhaften Anwendung: 0x01ce40f73ff8be98  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 9f862d4f-acea-11e2-8fd4-60380e06200a
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 24.04.2013 09:34:40 | Computer Name = Marlene-VAIO | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1127 NULL object. Cannot establish a connection at this time.
 
Error - 24.04.2013 10:03:03 | Computer Name = Marlene-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   
 
Error - 24.04.2013 10:03:03 | Computer Name = Marlene-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 24.04.2013 10:03:03 | Computer Name = Marlene-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 24.04.2013 10:03:03 | Computer Name = Marlene-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 24.04.2013 10:03:03 | Computer Name = Marlene-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 24.04.2013 10:03:03 | Computer Name = Marlene-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 24.04.2013 10:04:55 | Computer Name = Marlene-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 24.04.2013 10:07:14 | Computer Name = Marlene-VAIO | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 24.04.2013 10:07:15 | Computer Name = Marlene-VAIO | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1127 NULL object. Cannot establish a connection at this time.
 
[ OSession Events ]
Error - 15.08.2010 18:33:07 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.02.2011 17:49:31 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 15:47:32 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06.03.2011 04:41:36 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.04.2011 16:30:39 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.04.2011 10:02:56 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.06.2011 17:04:40 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.07.2011 06:25:47 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2404
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 11.04.2013 01:29:46 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 162000
 seconds with 64860 seconds of active time.  This session ended with a crash.
 
Error - 11.04.2013 01:58:09 | Computer Name = Marlene-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1673
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.04.2013 08:52:06 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 24.04.2013 09:33:16 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 24.04.2013 09:33:16 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 24.04.2013 09:34:57 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7022
Description = Der Dienst "VAIO Power Management" wurde nicht richtig gestartet.
 
Error - 24.04.2013 09:36:08 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   csjutuvz  isom  jbsbhdm  nmvc  pfygbh  SBRE  wivbwxx
 
Error - 24.04.2013 09:39:36 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Samsung AllShare PC erreicht.
 
Error - 24.04.2013 09:39:36 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Samsung AllShare PC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 24.04.2013 10:04:48 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cyberlink RichVideo Service(CRVS)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 24.04.2013 10:04:48 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 24.04.2013 10:06:51 | Computer Name = Marlene-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   csjutuvz  isom  jbsbhdm  nmvc  pfygbh  SBRE  wivbwxx
 
[ TuneUp Events ]
Error - 07.07.2012 06:40:08 | Computer Name = Marlene-VAIO | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.07.2012 06:40:09 | Computer Name = Marlene-VAIO | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 02.08.2012 07:02:44 | Computer Name = Marlene-VAIO | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 05.03.2013 06:53:43 | Computer Name = Marlene-VAIO | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 05.03.2013 06:53:45 | Computer Name = Marlene-VAIO | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-24 18:53:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Marlene\AppData\Local\Temp\uxdirkob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\svchost.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000076fb1465 2 bytes [FB, 76]
.text   C:\Windows\SysWOW64\svchost.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                       * 2
.text   C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076fb1465 2 bytes [FB, 76]
.text   C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                       * 2
.text   C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000076fb1465 2 bytes [FB, 76]
.text   C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                       * 2
.text   C:\Users\Marlene\AppData\Local\Akamai\netsession_win.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000076fb1465 2 bytes [FB, 76]
.text   C:\Users\Marlene\AppData\Local\Akamai\netsession_win.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                       * 2
.text   C:\Users\Marlene\AppData\Roaming\Dropbox\bin\Dropbox.exe[344] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                     0000000076fb1465 2 bytes [FB, 76]
.text   C:\Users\Marlene\AppData\Roaming\Dropbox\bin\Dropbox.exe[344] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                    0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                       * 2
.text   C:\Program Files (x86)\Google\Drive\googledrivesync.exe[992] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                      0000000076fb1465 2 bytes [FB, 76]
.text   C:\Program Files (x86)\Google\Drive\googledrivesync.exe[992] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                     0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                       * 2

---- User IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\system32\svchost.exe[556] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress]                                                  [55580002820] c:\windows\system32\uxtuneup.dll
IAT     C:\Windows\system32\svchost.exe[556] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile]                                                        [55580002700] c:\windows\system32\uxtuneup.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1344:2248]                                                                                                               000007fef9d600cc
Thread  C:\Windows\system32\svchost.exe [1344:3812]                                                                                                               000007fef1285170
Thread  C:\Windows\System32\spoolsv.exe [1644:2696]                                                                                                               000007fef92810c8
Thread  C:\Windows\System32\spoolsv.exe [1644:2756]                                                                                                               000007fef9246144
Thread  C:\Windows\System32\spoolsv.exe [1644:2760]                                                                                                               000007fef8f15fd0
Thread  C:\Windows\System32\spoolsv.exe [1644:2764]                                                                                                               000007fef8f03438
Thread  C:\Windows\System32\spoolsv.exe [1644:2768]                                                                                                               000007fef8f163ec
Thread  C:\Windows\System32\spoolsv.exe [1644:2796]                                                                                                               000007fef93c5e5c

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024337512d1                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433d3db9f                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60380e06200a                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60380e06200a@001fe4f43598                                                                  0x6D 0xCC 0x38 0x8C ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60380e06200a@f008f1561e5d                                                                  0x4C 0xFA 0x2E 0x5B ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                       0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                       0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                    0xB6 0x12 0xDF 0x6C ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024337512d1 (not active ControlSet)                                                           
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433d3db9f (not active ControlSet)                                                           
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60380e06200a (not active ControlSet)                                                           
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60380e06200a@001fe4f43598                                                                      0x6D 0xCC 0x38 0x8C ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60380e06200a@f008f1561e5d                                                                      0x4C 0xFA 0x2E 0x5B ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                      
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                           0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                           0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                        0xB6 0x12 0xDF 0x6C ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AB0EC55-71DE-FC6D-89BF-0C6E4D5B97EE}                                           
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AB0EC55-71DE-FC6D-89BF-0C6E4D5B97EE}@jadlckoklafacckggkmp                      0x62 0x61 0x68 0x66 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AB0EC55-71DE-FC6D-89BF-0C6E4D5B97EE}@jadlckoklafacckggkaa                      0x62 0x61 0x6F 0x65 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AB0EC55-71DE-FC6D-89BF-0C6E4D5B97EE}@iadkgomfinojabdlda                        0x6B 0x61 0x67 0x66 ...

---- Files - GMER 2.1 ----

File    C:\Users\Marlene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JTD63X9X\www.wilmaa.com.\player                                                   0 bytes
File    C:\Users\Marlene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JTD63X9X\www.wilmaa.com.\player\main_v3.184.swf                                   0 bytes
File    C:\Users\Marlene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JTD63X9X\www.wilmaa.com.\WilmaaLoginUnsecure.sol                                  338 bytes
File    C:\Users\Marlene\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.wilmaa.com.\settings.sol                             85 bytes

---- EOF - GMER 2.1 ----
         


24.04.2013, 19:37   #6
aharonov
/// TB trainer
 

This CouponDropDown is always brought along by some add-on or other that you install in the browser. Disable one add-on after another in the browser and test right after each one whether the problem has disappeared. That way you can identify the one responsible and remove it. (Often it is some video downloader add-on or the like..)

But unfortunately I cannot continue here, because..
Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
.. with these entries you are blocking the activation of your Adobe CS3 products..

We do not specifically look for such indications, but when we see them, we can no longer turn a blind eye. Therefore:
Cracks and keygens

The log files strongly suggest that you are using software that was not legally acquired. Besides being illegal, cracks and patches from dubious sources are also very often laced with malware, so using them amounts to infecting yourself almost deliberately.

We have agreed here on the board that we do not continue cleaning at this point, since we do not support such practices. In our guide, under point 8 of the forum rules, we also pointed out to you unmistakably how we would handle this.

This software has its price, and the software companies live on this revenue. As an alternative, there is plenty of very good freeware everywhere, as well as stripped-down versions that can be bought cheaply.

Our recommendation here is to make a clean fresh start, and our help is therefore limited to reinstalling and securing your system.
We will still gladly answer your questions about that, in our subforum Alles rund um Windows.