Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Claro Search entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.12.2012, 15:12   #1
sw_hh
 
Claro Search entfernen - Standard

Claro Search entfernen



Moin und erstmal frohe Weihnachten, ich hatte hier schonmal gute Hilfe gefunden und hoffe das ganze mal wiederholen zu können. Ich hatte gestern einigen Stress mit meinem iPhone und musste, um es booten zu können, gezwungener maßen einige dubiosere Ecken des Netzes durchforsten. Jetzt erscheint jedes mal wenn ich einen neuen Tab öffne die Suchmaske von "Claro Search". Hab jetzt gelesen, dass es sich hierbei um Malware handelt und die einfache Deinstalation, wie hier: hxxp://www.gutefrage.net/frage/claro-search-entfernen beschrieben nicht ausreicht. Deswegen wende ich mich an euch.

Hier mal die Log Files von DeFogger und OTL:

DeFogger:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:56 on 25/12/2012 (Steffen - Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL:
Zitat:
OTL logfile created on: 25.12.2012 14:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,92% Memory free
11,98 Gb Paging File | 10,06 Gb Available in Paging File | 83,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 531,81 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Hamachi\hamachi-2-ui.exe
PRC - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- D:\Kaspersky\avp.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- D:\MS Office\Office14\MSOSYNC.EXE
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Roccat\Kone[+]\Kone[+]Monitor.exe
PRC - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
PRC - [2011.03.21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- D:\Razer\Lycosa\razerhid.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008.10.20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\Brnipmon.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- D:\Kaspersky\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- D:\Kaspersky\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- D:\Kaspersky\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- D:\Kaspersky\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- D:\Kaspersky\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- D:\Kaspersky\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- D:\Kaspersky\imageformats\qgif4.dll
MOD - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Roccat\Kone[+]\hiddriver.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 12:21:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- D:\Kaspersky\avp.exe -- (AVP)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\MS Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.28 15:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.31 18:01:28 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.29 14:35:40 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.08.02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=HP_ss&mntrId=be18ed110000000000000024219c3590
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=113480&tt=090812_clr_3212_8&babsrc=SP_ss&mntrId=be18ed110000000000000024219c3590
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=KW_ss&mntrId=be18ed110000000000000024219c3590&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Kaspersky\FFExt\linkfilter@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Kaspersky\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Kaspersky\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Mozilla\components [2012.12.04 20:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Mozilla\plugins

[2012.02.27 00:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Extensions
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions
[2012.02.28 20:48:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.25 01:07:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\firefox\profiles\7eyjdgvh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2012.12.25 02:00:51 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MS Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] D:\Kaspersky\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] D:\MS Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Lycosa] D:\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [RoccatKone+] D:\Roccat\Kone[+]\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [OfficeSyncProcess] D:\MS Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A7755D0-1803-4600-947F-9B4588296603}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EAB7CF4-9B3F-469F-B762-E4A71E6526B2}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.25 14:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{2DD98775-E9D9-46FD-A231-96F68C7D5814}
[2012.12.25 01:21:52 | 001,039,360 | ---- | C] (iH8sn0w) -- C:\Users\Steffen - Admin\Desktop\iREB-r6.exe
[2012.12.25 01:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.25 01:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 01:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.25 01:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.12.25 01:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.24 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w
[2012.12.24 23:31:30 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{46DFD9A3-97E8-4B4F-B811-D95714279237}
[2012.12.24 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\LogMeIn Hamachi
[2012.12.24 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\.shsh
[2012.12.24 22:26:56 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\redsn0w_win_0.9.15b3
[2012.12.24 10:13:41 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.12.12 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

========== Files - Modified Within 30 Days ==========

[2012.12.25 14:55:56 | 000,000,000 | ---- | M] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 14:42:04 | 000,050,477 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.25 14:01:19 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 14:01:19 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 13:56:32 | 000,000,350 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.12.25 13:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.25 13:53:41 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.25 12:01:02 | 003,282,727 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\ssh_rd_rev-03.jar
[2012.12.25 02:34:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012.12.25 02:00:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.25 01:21:39 | 000,398,686 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\iREB-r6.zip
[2012.12.25 01:17:32 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.24 23:27:27 | 002,599,936 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\tinyumbrella-6.01.01.exe
[2012.12.24 10:23:31 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.12.24 10:13:41 | 000,000,646 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.12.23 10:23:07 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.06 14:02:54 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 14:02:54 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 14:02:54 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 14:02:54 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 14:02:54 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012.12.25 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:03 | 000,050,477 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 12:00:59 | 003,282,727 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\ssh_rd_rev-03.jar
[2012.12.25 01:21:38 | 000,398,686 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\iREB-r6.zip
[2012.12.25 01:17:32 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 01:16:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.12.24 23:27:25 | 002,599,936 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\tinyumbrella-6.01.01.exe
[2012.12.24 10:13:41 | 000,000,646 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.11.10 21:55:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.09.21 14:29:10 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012.07.20 20:11:57 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.11 20:30:21 | 000,281,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.14 13:51:50 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.14 13:51:47 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.03.14 13:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.03.14 13:51:46 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2012.03.14 13:51:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.03.14 13:51:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.03.14 13:51:00 | 000,000,350 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.03.11 14:15:40 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.27 02:53:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.08.09 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Babylon
[2012.08.09 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\BabylonToolbar
[2012.02.28 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoft
[2012.02.28 20:47:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.22 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\loadtbs
[2012.02.27 00:55:02 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.02.27 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Origin
[2012.12.25 02:55:25 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w
[2012.07.20 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Software4u
[2012.02.27 00:33:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\ts3overlay

========== Purity Check ==========



< End of report >
Extras:
Zitat:
OTL Extras logfile created on: 25.12.2012 14:57:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,92% Memory free
11,98 Gb Paging File | 10,06 Gb Available in Paging File | 83,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 531,81 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052657D-FC73-4D13-9E9A-E7EACB445299}" = lport=137 | protocol=17 | dir=in | app=system |
"{02434681-2B88-43BF-BF5C-D3ED4B5C063F}" = rport=139 | protocol=6 | dir=out | app=system |
"{116C2F68-E911-408A-AD44-3D8DA1C32D50}" = lport=56352 | protocol=6 | dir=in | name=pando media booster |
"{159BEDD4-C8F7-4D50-B946-45BD99639F7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C5404BE-3F91-4871-ADF1-115FB50C8776}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D8A4073-D399-4A6D-814C-2ECECE907924}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{257D7FA9-A8E3-4805-967D-9A6B8587FA04}" = rport=137 | protocol=17 | dir=out | app=system |
"{27C3EA32-A5E0-4F92-9C4C-C25B16E048A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{294E837C-19A1-4DE2-878E-68342B0A4EA7}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C71D156-3BB8-46A4-9391-2E7CE5790054}" = lport=10243 | protocol=6 | dir=in | app=system |
"{38087AE9-2322-41C9-B8E5-F81974F40CFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39A7AC19-0B61-4E7B-935F-1386B039F554}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C39B19D-10A0-47A1-A9C4-2B1911675C35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CDC2EF8-50B1-4C02-824C-FDF4E7D79EDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53DDF956-6347-4A3B-855B-7BA28E9DE4FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{58A818C6-D621-44CA-B504-A9F9A849E71A}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D48E133-0D74-40AF-9BF4-9E500EA7794A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster |
"{7FB6B418-8A78-4654-893B-FD463392D99B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82C20C06-DB9E-4257-A061-799587F302AE}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office\office14\outlook.exe |
"{833CD101-90A3-4662-929A-C6A8C8FFC96B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92308831-60BD-4710-973A-CD702EAD8E1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97E1592B-0ADF-4680-9107-D9F204D6094C}" = lport=139 | protocol=6 | dir=in | app=system |
"{A8DD4282-7A70-452D-BB36-9C0710DF67E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4456700-043A-4E96-A966-0A0536AD7A3A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster |
"{B8562666-BA7D-491D-8236-3917CC2E7382}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EE681849-CDA8-4376-9057-2F80DDF165C2}" = lport=56352 | protocol=6 | dir=in | name=pando media booster |
"{F9DB8A52-AA9B-42C3-87E0-514ECFF2C33E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC8DBD78-DB84-4161-A01A-5C7C0D12A80C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B3853-B029-402F-9EA9-1FA1681C9FB7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0713689F-2CE2-4EAB-8452-D4B9522530FF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{0C50954B-8239-4297-B2E2-008CAC741087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DFA682E-2113-47F2-B587-89AC5A4F36C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{14E54660-1F27-4302-8D27-17575D78AE8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{16E3830A-7D2F-4444-9964-6DCA6DB3E67F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1AD3FB60-50CB-4748-A136-8A8EFC7EA9E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24DD3C1D-CEA8-42E3-8AEF-209CBC1AB514}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{26CD0B9D-B820-4122-85E2-6BC2DFC7D15C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3028457A-58A6-4242-862F-F20C4D8AA50B}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{3111656B-FE8B-47F6-9BC1-6C5A47B0711D}" = protocol=6 | dir=out | app=system |
"{37081F09-AB4A-4CDF-B209-440F5C695284}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3EAD2E93-9123-4D30-A0E2-BD6304727D3C}" = protocol=6 | dir=in | app=d:\ms office\office14\groove.exe |
"{3F5750B9-FFC4-4A0C-BCD2-1B08A07552BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45280D27-ABFB-4BC9-A9A2-099C988D5E81}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{484E721B-CAF6-44F1-ADDB-7E8211DFD823}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{50F5C92E-721A-447F-BAD0-2C4083EF6C24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51864861-3BCD-40D9-A835-76C44ECC5224}" = protocol=17 | dir=in | app=d:\ms office\office14\groove.exe |
"{533C88A2-7272-4F33-A91F-41451284A483}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{554A09E5-2EE9-4CB9-9970-91E1D59C302F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{5F8F4805-45B8-4A94-9521-8F90BE196547}" = protocol=17 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe |
"{618AA65B-0F8C-4BD7-ACAC-EEFBEB5CEECA}" = protocol=17 | dir=in | app=f:\schlacht um mittelerde\game.dat |
"{61CA0DC4-B882-4B46-B841-BAB74A138FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6799F482-E6CE-41B1-A688-F9886EB56C09}" = protocol=6 | dir=in | app=f:\schlacht um mittelerde\game.dat |
"{699F6DC3-CDE5-4FDB-BBFA-A8BFC8965194}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C1111D7-E9B2-4BFD-9A09-FB3D7DB0EDCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73140F80-FB02-42B6-A400-4B14F0E1600D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{73912005-FE77-42AE-9838-90130DDE01E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C655A6E-791D-4ED8-AA57-1A1ADC9F35FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DC44E66-5570-4063-8023-BDE707B66FC1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EE31BEE-8B86-4F4A-8F90-F34D5EF66D5A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{7FF5ACCB-98BB-43B5-8E92-B7D400DFF15C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{81AE36A8-89FC-472F-93C5-BFDC9A981561}" = protocol=6 | dir=in | app=d:\ms office\office14\onenote.exe |
"{84469555-78ED-4CF1-9FEA-25ED60A678D8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8BF51439-CC5D-4D65-9ECF-3CA5A7AB0088}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8EF9CAEF-A7BB-425D-8FD1-1446078765FF}" = protocol=17 | dir=in | app=d:\ms office\office14\onenote.exe |
"{9450EAFE-A816-43C0-9225-61571A074D2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{948754C5-3632-4752-8010-57AD7BD6A8F1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{96F26B31-19A7-4D68-9F20-0E208D511280}" = protocol=6 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe |
"{98B1FA85-AE58-491E-835D-143A4A54E9D6}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{9BBA0001-0C03-4BFC-8927-E28549203155}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9CBC5010-47E3-4F0E-9A16-BBA9323A78B1}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{9CCC1BD6-C171-4429-89EE-6ABBA259C1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A00E78F1-667E-4792-952C-30872B298F46}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A3174C41-1E20-42E6-81C6-E6BC716F5B2B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A44F4599-08C0-4C6B-82D3-E41E33EF83FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A47FFD17-D99F-4752-A351-9AADAAC456C3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{A69B5BB2-5C7F-4DF2-BC1E-D00CF7E53EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{A734FA7D-C9C5-4850-A7B6-4CE5DF11A22C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A760F09E-690C-48F2-A0EC-6FB43C2883F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A90FEB05-790C-44A0-9812-348191B40BDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A9203072-CD42-4000-91C7-01DA6F8E964A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABBF7812-645B-4ACF-871C-F9C85AB8B2EB}" = dir=in | app=d:\itunes\itunes.exe |
"{B2C1FCA5-CCEF-4C0E-8ECB-326FF9295298}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4D22DC0-D395-422A-9391-56540B359EBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98CE722-FA84-40E0-A44D-CAE236C0923F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BC04A8CF-DEFB-42A6-9329-E542A82D187D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{BF2E3393-0C14-45E4-A67A-02054073B0B3}" = protocol=6 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe |
"{C3E2C614-AE3E-470F-B98F-D057091F0B27}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C8D93424-1AC5-46C3-9B45-C13A2881728E}" = protocol=58 | dir=in | app=system |
"{CB03E13A-F18D-4136-B438-9402869BB848}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0602970-F651-4793-B2E1-00F291387F35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1753C99-9073-4D13-A4CF-D6F649959D24}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D76CBFDB-2421-49E1-9238-52F484C02CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D7B5EF6E-AF97-4331-9829-739625D371A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D96F9CFF-C5B9-44B1-90BD-CF63AF01D5DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DAF24222-7756-4C1D-891E-21EAC82CB5F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE5A2FB9-CD4F-43E8-98DC-9E81EBEC5CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2795421-08B5-4B09-AF4F-02B51BF77E2B}" = protocol=17 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe |
"{F213EC1F-A984-4FC5-8048-7F7F6E4F635B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1AA3A0C7-6BEA-4212-A317-76D115641AD4}" = Origin86
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C98F2F1-8921-4F0D-AEBD-029A56C18963}" = Brother HL-3040CN
"{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}" = LEGO® Batman™ 2: DC Super Heroes
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIO_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F15F034C-CF2A-4F78-821D-DBFB519101B4}_is1" = Portal Deluxe Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.5
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Standard)
"loadtbs-2.1" = loadtbs-2.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"Zeus and Poseidon_is1" = Zeus and Poseidon

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 14

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

[ Cisco AnyConnect VPN Client Events ]
Error - 24.12.2012 19:58:20 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 24.12.2012 19:58:21 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 24.12.2012 20:10:57 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 24.12.2012 20:10:58 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 24.12.2012 21:20:17 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 24.12.2012 21:20:18 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 25.12.2012 06:48:40 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 25.12.2012 06:48:41 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 25.12.2012 08:53:58 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 25.12.2012 08:53:59 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

[ Media Center Events ]
Error - 16.03.2012 13:26:59 | Computer Name = Herbert | Source = MCUpdate | ID = 0
Description = 18:26:57 - Fehler beim Herstellen der Internetverbindung. 18:26:57
- Serververbindung konnte nicht hergestellt werden..

Error - 16.03.2012 13:27:11 | Computer Name = Herbert | Source = MCUpdate | ID = 0
Description = 18:27:06 - Fehler beim Herstellen der Internetverbindung. 18:27:06
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 20.11.2012 17:26:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.

Error - 20.11.2012 17:26:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 28.11.2012 14:11:45 | Computer Name = Herbert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?11.?2012 um 02:45:00 unerwartet heruntergefahren.

Error - 04.12.2012 15:59:20 | Computer Name = Herbert | Source = bowser | ID = 8003
Description =

Error - 06.12.2012 17:13:02 | Computer Name = Herbert | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12.12.2012 07:21:05 | Computer Name = Herbert | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 12.12.2012 07:21:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.

Error - 12.12.2012 07:21:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 12.12.2012 07:21:47 | Computer Name = Herbert | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LanmanServer erreicht.

Error - 15.12.2012 14:42:00 | Computer Name = Herbert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?12.?2012 um 00:05:16 unerwartet heruntergefahren.


< End of report >
Falls noch Fragen zum System sind:

Windows 7 Ultimate SP1 64 Bit
Motherboard: MSI X58 Pro-E
CPU: i7 920
Grafik: Nvidia 285 GTX
RAM: 6 GB DDR3 1033 Hz

Schonmal vielen vielen Dank im Vorraus und sorry, dass ich an den Feiertagen nach Hilfe suchen muss.

Alt 26.12.2012, 12:27   #2
M-K-D-B
/// TB-Ausbilder
 
Claro Search entfernen - Standard

Claro Search entfernen






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.





Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen und mit dem Scan beginnen.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Schritt 4
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die beiden Logdateien von OTL.
__________________

__________________

Alt 26.12.2012, 20:59   #3
sw_hh
 
Claro Search entfernen - Standard

Claro Search entfernen



So:

ADW:
Zitat:
# AdwCleaner v2.103 - Datei am 26/12/2012 um 20:22:55 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Steffen - Admin - HERBERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steffen - Admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\STEFFE~1\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Steffen - Admin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Steffen - Admin\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\Steffen - Admin\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKU\S-1-5-21-770739208-383876241-156322460-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=HP_ss&mntrId=be18ed110000000000000024219c3590 --> hxxp://www.google.com

-\\ Mozilla Firefox v10.0.2 (de)

Datei : C:\Users\Steffen - Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7eyjdgvh.default\prefs.js

C:\Users\Steffen - Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7eyjdgvh.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babs[...]
Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=113480&tt=090[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "be18ed110000000000000024219c3590");
Gelöscht : user_pref("extensions.claro.instlDay", "15561");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.vrsn", "1.6.4.1");
Gelöscht : user_pref("extensions.claro.vrsni", "1.6.4.1");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.6.4.121:13:36");
Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/claro");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=KW_s[...]

Datei : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\t3vdfymy.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4207 octets] - [26/12/2012 20:22:55]

########## EOF - C:\AdwCleaner[S1].txt - [4267 octets] ##########
JRT
Zitat:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.5 (12.24.2012:1)
OS: Windows 7 Ultimate x64
Ran by Steffen - Admin on 26.12.2012 at 20:29:12,97
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Steffen - Admin\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Steffen - Admin\AppData\Roaming\software4u"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.12.2012 at 20:39:01,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.12.2012 20:48:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,96 Gb Available Physical Memory | 66,07% Memory free
11,98 Gb Paging File | 9,82 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 530,30 Gb Free Space | 71,14% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Hamachi\hamachi-2-ui.exe
PRC - [2012.12.04 20:48:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- D:\Mozilla\firefox.exe
PRC - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- D:\Kaspersky\avp.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- D:\MS Office\Office14\MSOSYNC.EXE
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Roccat\Kone[+]\Kone[+]Monitor.exe
PRC - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
PRC - [2011.03.21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- D:\Razer\Lycosa\razerhid.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008.10.20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\Brnipmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- D:\Kaspersky\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- D:\Kaspersky\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- D:\Kaspersky\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- D:\Kaspersky\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- D:\Kaspersky\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- D:\Kaspersky\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- D:\Kaspersky\imageformats\qgif4.dll
MOD - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Roccat\Kone[+]\hiddriver.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 12:21:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- D:\Kaspersky\avp.exe -- (AVP)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\MS Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.28 15:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.31 18:01:28 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.29 14:35:40 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.08.02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Kaspersky\FFExt\linkfilter@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Kaspersky\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Kaspersky\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Mozilla\components [2012.12.04 20:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Mozilla\plugins
 
[2012.02.27 00:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Extensions
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions
[2012.02.28 20:48:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.25 01:07:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\firefox\profiles\7eyjdgvh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
O1 HOSTS File: ([2012.12.25 02:00:51 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MS Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] D:\Kaspersky\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] D:\MS Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Lycosa] D:\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [RoccatKone+] D:\Roccat\Kone[+]\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [OfficeSyncProcess] D:\MS Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A7755D0-1803-4600-947F-9B4588296603}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EAB7CF4-9B3F-469F-B762-E4A71E6526B2}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.26 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\Log Files 2
[2012.12.26 20:29:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.26 20:29:02 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.26 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\Log Files 1
[2012.12.26 20:20:42 | 000,496,364 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Steffen - Admin\Desktop\JRT.exe
[2012.12.26 20:17:06 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{5196AABB-F663-4EBB-828B-897575D82F8B}
[2012.12.25 19:54:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\redsn0w_win_0.9.15b3
[2012.12.25 19:34:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\.minecraft
[2012.12.25 14:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{2DD98775-E9D9-46FD-A231-96F68C7D5814}
[2012.12.25 01:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.25 01:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 01:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.25 01:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.12.25 01:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.24 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w
[2012.12.24 23:31:30 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{46DFD9A3-97E8-4B4F-B811-D95714279237}
[2012.12.24 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\LogMeIn Hamachi
[2012.12.24 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\.shsh
[2012.12.24 21:40:33 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.12.24 10:13:41 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.12.22 16:52:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 16:52:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 16:52:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.22 16:52:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.14 00:02:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.14 00:02:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.14 00:02:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.14 00:02:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.14 00:02:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.14 00:02:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.14 00:02:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.14 00:02:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.14 00:01:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.14 00:01:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.14 00:01:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.14 00:01:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.14 00:01:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.14 00:01:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.14 00:01:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 19:57:27 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 19:57:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 19:57:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 19:57:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 19:57:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 19:57:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 19:57:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 19:57:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 19:57:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 19:57:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 19:57:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 19:57:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 19:57:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 19:57:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 19:57:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 19:57:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 19:57:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 19:57:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 19:57:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.26 20:33:07 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.26 20:33:07 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.26 20:26:26 | 000,000,350 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.12.26 20:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.26 20:25:34 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 20:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.26 20:20:46 | 000,496,364 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Steffen - Admin\Desktop\JRT.exe
[2012.12.26 20:19:59 | 000,550,017 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\adwcleaner.exe
[2012.12.25 20:05:32 | 930,639,149 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\iPhone3,1_6.0.1_10A523_Restore.ipsw
[2012.12.25 14:55:56 | 000,000,000 | ---- | M] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 14:42:04 | 000,050,477 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 02:34:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012.12.25 02:00:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.25 01:17:32 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.24 10:23:31 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.12.24 10:13:41 | 000,000,646 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.12.23 10:23:07 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 12:21:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 12:21:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.06 14:02:54 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 14:02:54 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 14:02:54 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 14:02:54 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 14:02:54 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2012.12.26 20:19:53 | 000,550,017 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\adwcleaner.exe
[2012.12.25 19:56:06 | 930,639,149 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\iPhone3,1_6.0.1_10A523_Restore.ipsw
[2012.12.25 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:03 | 000,050,477 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 01:17:32 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 01:16:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.12.24 10:13:41 | 000,000,646 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.11.10 21:55:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.09.21 14:29:10 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012.07.20 20:11:57 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.11 20:30:21 | 000,281,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.14 13:51:50 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.14 13:51:47 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.03.14 13:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.03.14 13:51:46 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2012.03.14 13:51:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.03.14 13:51:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.03.14 13:51:00 | 000,000,350 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.03.11 14:15:40 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.27 02:53:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.12.2012 20:48:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,96 Gb Available Physical Memory | 66,07% Memory free
11,98 Gb Paging File | 9,82 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 530,30 Gb Free Space | 71,14% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052657D-FC73-4D13-9E9A-E7EACB445299}" = lport=137 | protocol=17 | dir=in | app=system | 
"{02434681-2B88-43BF-BF5C-D3ED4B5C063F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{116C2F68-E911-408A-AD44-3D8DA1C32D50}" = lport=56352 | protocol=6 | dir=in | name=pando media booster | 
"{159BEDD4-C8F7-4D50-B946-45BD99639F7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C5404BE-3F91-4871-ADF1-115FB50C8776}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1D8A4073-D399-4A6D-814C-2ECECE907924}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{257D7FA9-A8E3-4805-967D-9A6B8587FA04}" = rport=137 | protocol=17 | dir=out | app=system | 
"{27C3EA32-A5E0-4F92-9C4C-C25B16E048A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{294E837C-19A1-4DE2-878E-68342B0A4EA7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2C71D156-3BB8-46A4-9391-2E7CE5790054}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{38087AE9-2322-41C9-B8E5-F81974F40CFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39A7AC19-0B61-4E7B-935F-1386B039F554}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C39B19D-10A0-47A1-A9C4-2B1911675C35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CDC2EF8-50B1-4C02-824C-FDF4E7D79EDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{53DDF956-6347-4A3B-855B-7BA28E9DE4FD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{58A818C6-D621-44CA-B504-A9F9A849E71A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5D48E133-0D74-40AF-9BF4-9E500EA7794A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster | 
"{7FB6B418-8A78-4654-893B-FD463392D99B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82C20C06-DB9E-4257-A061-799587F302AE}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office\office14\outlook.exe | 
"{833CD101-90A3-4662-929A-C6A8C8FFC96B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{92308831-60BD-4710-973A-CD702EAD8E1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{97E1592B-0ADF-4680-9107-D9F204D6094C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A8DD4282-7A70-452D-BB36-9C0710DF67E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B4456700-043A-4E96-A966-0A0536AD7A3A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster | 
"{B8562666-BA7D-491D-8236-3917CC2E7382}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EE681849-CDA8-4376-9057-2F80DDF165C2}" = lport=56352 | protocol=6 | dir=in | name=pando media booster | 
"{F9DB8A52-AA9B-42C3-87E0-514ECFF2C33E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FC8DBD78-DB84-4161-A01A-5C7C0D12A80C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B3853-B029-402F-9EA9-1FA1681C9FB7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0713689F-2CE2-4EAB-8452-D4B9522530FF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{073223CB-71EA-4726-B955-95DBB0C554D9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{0C50954B-8239-4297-B2E2-008CAC741087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0DFA682E-2113-47F2-B587-89AC5A4F36C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{14E54660-1F27-4302-8D27-17575D78AE8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{16E3830A-7D2F-4444-9964-6DCA6DB3E67F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1AD3FB60-50CB-4748-A136-8A8EFC7EA9E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{24DD3C1D-CEA8-42E3-8AEF-209CBC1AB514}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{26CD0B9D-B820-4122-85E2-6BC2DFC7D15C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3028457A-58A6-4242-862F-F20C4D8AA50B}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 
"{3111656B-FE8B-47F6-9BC1-6C5A47B0711D}" = protocol=6 | dir=out | app=system | 
"{37081F09-AB4A-4CDF-B209-440F5C695284}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3EAD2E93-9123-4D30-A0E2-BD6304727D3C}" = protocol=6 | dir=in | app=d:\ms office\office14\groove.exe | 
"{3F5750B9-FFC4-4A0C-BCD2-1B08A07552BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{45280D27-ABFB-4BC9-A9A2-099C988D5E81}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{484E721B-CAF6-44F1-ADDB-7E8211DFD823}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{50F5C92E-721A-447F-BAD0-2C4083EF6C24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{51864861-3BCD-40D9-A835-76C44ECC5224}" = protocol=17 | dir=in | app=d:\ms office\office14\groove.exe | 
"{533C88A2-7272-4F33-A91F-41451284A483}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{554A09E5-2EE9-4CB9-9970-91E1D59C302F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{5F8F4805-45B8-4A94-9521-8F90BE196547}" = protocol=17 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe | 
"{618AA65B-0F8C-4BD7-ACAC-EEFBEB5CEECA}" = protocol=17 | dir=in | app=f:\schlacht um mittelerde\game.dat | 
"{61CA0DC4-B882-4B46-B841-BAB74A138FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6799F482-E6CE-41B1-A688-F9886EB56C09}" = protocol=6 | dir=in | app=f:\schlacht um mittelerde\game.dat | 
"{699F6DC3-CDE5-4FDB-BBFA-A8BFC8965194}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6C1111D7-E9B2-4BFD-9A09-FB3D7DB0EDCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{73140F80-FB02-42B6-A400-4B14F0E1600D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{73912005-FE77-42AE-9838-90130DDE01E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C655A6E-791D-4ED8-AA57-1A1ADC9F35FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7DC44E66-5570-4063-8023-BDE707B66FC1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7FF5ACCB-98BB-43B5-8E92-B7D400DFF15C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{81AE36A8-89FC-472F-93C5-BFDC9A981561}" = protocol=6 | dir=in | app=d:\ms office\office14\onenote.exe | 
"{84469555-78ED-4CF1-9FEA-25ED60A678D8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8BF51439-CC5D-4D65-9ECF-3CA5A7AB0088}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8EF9CAEF-A7BB-425D-8FD1-1446078765FF}" = protocol=17 | dir=in | app=d:\ms office\office14\onenote.exe | 
"{9450EAFE-A816-43C0-9225-61571A074D2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{948754C5-3632-4752-8010-57AD7BD6A8F1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{96F26B31-19A7-4D68-9F20-0E208D511280}" = protocol=6 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe | 
"{98B1FA85-AE58-491E-835D-143A4A54E9D6}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{9BBA0001-0C03-4BFC-8927-E28549203155}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9CBC5010-47E3-4F0E-9A16-BBA9323A78B1}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 
"{9CCC1BD6-C171-4429-89EE-6ABBA259C1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A00E78F1-667E-4792-952C-30872B298F46}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A3174C41-1E20-42E6-81C6-E6BC716F5B2B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A44F4599-08C0-4C6B-82D3-E41E33EF83FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A47FFD17-D99F-4752-A351-9AADAAC456C3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{A69B5BB2-5C7F-4DF2-BC1E-D00CF7E53EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{A734FA7D-C9C5-4850-A7B6-4CE5DF11A22C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A760F09E-690C-48F2-A0EC-6FB43C2883F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A90FEB05-790C-44A0-9812-348191B40BDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A9203072-CD42-4000-91C7-01DA6F8E964A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABBF7812-645B-4ACF-871C-F9C85AB8B2EB}" = dir=in | app=d:\itunes\itunes.exe | 
"{B2C1FCA5-CCEF-4C0E-8ECB-326FF9295298}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B4D22DC0-D395-422A-9391-56540B359EBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B98CE722-FA84-40E0-A44D-CAE236C0923F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{BC04A8CF-DEFB-42A6-9329-E542A82D187D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{BF171A89-B200-4324-8F73-0D8A9255B870}" = protocol=58 | dir=in | app=system | 
"{BF2E3393-0C14-45E4-A67A-02054073B0B3}" = protocol=6 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe | 
"{C3E2C614-AE3E-470F-B98F-D057091F0B27}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CB03E13A-F18D-4136-B438-9402869BB848}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D0602970-F651-4793-B2E1-00F291387F35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1753C99-9073-4D13-A4CF-D6F649959D24}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{D76CBFDB-2421-49E1-9238-52F484C02CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D7B5EF6E-AF97-4331-9829-739625D371A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D96F9CFF-C5B9-44B1-90BD-CF63AF01D5DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAF24222-7756-4C1D-891E-21EAC82CB5F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE5A2FB9-CD4F-43E8-98DC-9E81EBEC5CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E2795421-08B5-4B09-AF4F-02B51BF77E2B}" = protocol=17 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe | 
"{F213EC1F-A984-4FC5-8048-7F7F6E4F635B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1AA3A0C7-6BEA-4212-A317-76D115641AD4}" = Origin86
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C98F2F1-8921-4F0D-AEBD-029A56C18963}" = Brother HL-3040CN
"{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}" = LEGO® Batman™ 2: DC Super Heroes
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIO_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F15F034C-CF2A-4F78-821D-DBFB519101B4}_is1" = Portal Deluxe Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.5
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Standard)
"loadtbs-2.1" = loadtbs-2.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"Zeus and Poseidon_is1" = Zeus and Poseidon
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect VPN Client Events ]
Error - 25.12.2012 06:48:40 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 25.12.2012 06:48:41 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 25.12.2012 08:53:58 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 25.12.2012 08:53:59 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 25.12.2012 13:51:30 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 25.12.2012 13:51:31 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 26.12.2012 15:15:51 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 26.12.2012 15:15:52 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 26.12.2012 15:25:47 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 26.12.2012 15:25:48 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
 
< End of report >
         
--- --- ---
__________________

Alt 26.12.2012, 21:32   #4
M-K-D-B
/// TB-Ausbilder
 
Claro Search entfernen - Standard

Claro Search entfernen



Servus,




bevor wir weitermachen habe ich noch eine Frage.
gibt es noch Probleme mit Claro Search? Wenn ja, in welchem Browser?

Alt 26.12.2012, 21:44   #5
sw_hh
 
Claro Search entfernen - Standard

Claro Search entfernen



Nein, sowohl firefox, als auch IE zeigen keine Anzeichen mehr.


Alt 27.12.2012, 11:18   #6
M-K-D-B
/// TB-Ausbilder
 
Claro Search entfernen - Standard

Claro Search entfernen



Servus,



das hört sich doch schon mal gut an.


Wir kontrollieren nochmal alles:






Schritt 1
Downloade Dir bitte Malwarebytes' Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
__________________
--> Claro Search entfernen

Alt 27.12.2012, 19:10   #7
sw_hh
 
Claro Search entfernen - Standard

Claro Search entfernen



Sry, dasses n bisschen gedauert hat, eset hat so lange gebraucht...

MBAM:
Zitat:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steffen - Admin :: HERBERT [Administrator]

27.12.2012 13:18:26
mbam-log-2012-12-27 (13-18-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 254643
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=b137dc6b0c50914192d1915a8e3016cd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-27 03:23:03
# local_time=2012-12-27 04:23:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 98 11474 53269695 0 0
# compatibility_mode=5893 16776573 100 94 71098 108251633 0 0
# scanned=468686
# found=0
# cleaned=0
# scan_time=10544
SC
Zitat:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Alt 27.12.2012, 19:14   #8
M-K-D-B
/// TB-Ausbilder
 
Claro Search entfernen - Standard

Claro Search entfernen



Servus,



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.



Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 10 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
schneller Plugin-Test: PluginCheck





Schritt 2
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 3
  • Klicke auf > Hilfe > Über Firefox
  • Warte bis das Update geladen ist, klicke auf Update installieren und lasse Firefox neu starten.
  • Prüfe bitte, ob weitere Updates vorliegen oder ob Firefox aktuell ist.
  • Klicke nun auf > Add-ons > > Auf Updates überprüfen
  • Nach einem weiteren Neustart von Firefox sollte alles aktuell sein.

Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:




Schritt 4
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.





Schritt 5
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Schließe die sich öffnende Textdatei.
  • Klicke abschließend auf Deinstallation.
  • Bestätige mit Ja.
  • Starte deinen Rechner neu auf!





Schritt 6
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 27.12.2012, 20:33   #9
sw_hh
 
Claro Search entfernen - Standard

Claro Search entfernen



Super, alles gemacht, alles geklappt

Vielen, vielen Dank und einen guten Rutsch ins neue Jahr.

Alt 28.12.2012, 12:22   #10
M-K-D-B
/// TB-Ausbilder
 
Claro Search entfernen - Standard

Claro Search entfernen



Ich bin froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Claro Search entfernen
bho, bonjour, booten, converter, dsl, entfernen, error, fatal error, fehler, firefox, flash player, google, install.exe, jdownloader, kaspersky, launch, logfile, malware, mp3, nicht möglich, nvidia update, pando media booster, realtek, registry, rundll, scan, security, senden, super, svchost.exe, tastatur, windows



Ähnliche Themen: Claro Search entfernen


  1. Claro Search entfernen? (,it Logs)
    Plagegeister aller Art und deren Bekämpfung - 03.06.2013 (13)
  2. Claro search entfernen
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (24)
  3. Spy Hunter 4 und Claro Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.05.2013 (13)
  4. Claro Search entfernen- Wie?
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (11)
  5. Claro - Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (20)
  6. Claro Search entfernen?!
    Plagegeister aller Art und deren Bekämpfung - 10.12.2012 (14)
  7. Claro-Search von Firefox entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.12.2012 (15)
  8. Claro Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 07.12.2012 (3)
  9. Claro-Search von Firefox entfernen
    Log-Analyse und Auswertung - 05.12.2012 (20)
  10. claro search entfernen
    Log-Analyse und Auswertung - 26.11.2012 (30)
  11. Claro-Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (8)
  12. Claro Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.11.2012 (16)
  13. Claro-Search kostenlos entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (19)
  14. claro-search entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (20)
  15. Claro search entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (12)
  16. Claro-Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 15.11.2012 (12)
  17. Claro-search Firefox entfernen
    Log-Analyse und Auswertung - 31.10.2012 (11)

Zum Thema Claro Search entfernen - Moin und erstmal frohe Weihnachten, ich hatte hier schonmal gute Hilfe gefunden und hoffe das ganze mal wiederholen zu können. Ich hatte gestern einigen Stress mit meinem iPhone und musste, - Claro Search entfernen...
Archiv
Du betrachtest: Claro Search entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.