| |  Claro Search entfernen
 Moin und erstmal frohe Weihnachten, ich hatte hier schonmal gute Hilfe gefunden und hoffe das ganze mal wiederholen zu können. Ich hatte gestern einigen Stress mit meinem iPhone und musste, um es booten zu können, gezwungener maßen einige dubiosere Ecken des Netzes durchforsten. Jetzt erscheint jedes mal wenn ich einen neuen Tab öffne die Suchmaske von "Claro Search". Hab jetzt gelesen, dass es sich hierbei um Malware handelt und die einfache Deinstalation, wie hier: hxxp://www.gutefrage.net/frage/claro-search-entfernen beschrieben nicht ausreicht. Deswegen wende ich mich an euch.
Hier mal die Log Files von DeFogger und OTL:
DeFogger: Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:56 on 25/12/2012 (Steffen - Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
| OTL: Zitat:
OTL logfile created on: 25.12.2012 14:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,92% Memory free
11,98 Gb Paging File | 10,06 Gb Available in Paging File | 83,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 531,81 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Hamachi\hamachi-2-ui.exe
PRC - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- D:\Kaspersky\avp.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- D:\MS Office\Office14\MSOSYNC.EXE
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Roccat\Kone[+]\Kone[+]Monitor.exe
PRC - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
PRC - [2011.03.21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- D:\Razer\Lycosa\razerhid.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008.10.20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\Brnipmon.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- D:\Kaspersky\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- D:\Kaspersky\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- D:\Kaspersky\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- D:\Kaspersky\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- D:\Kaspersky\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- D:\Kaspersky\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- D:\Kaspersky\imageformats\qgif4.dll
MOD - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Roccat\Kone[+]\hiddriver.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 12:21:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- D:\Kaspersky\avp.exe -- (AVP)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\MS Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.28 15:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.10.31 18:01:28 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.29 14:35:40 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.08.02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=HP_ss&mntrId=be18ed110000000000000024219c3590
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=113480&tt=090812_clr_3212_8&babsrc=SP_ss&mntrId=be18ed110000000000000024219c3590
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=KW_ss&mntrId=be18ed110000000000000024219c3590&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Kaspersky\FFExt\linkfilter@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Kaspersky\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Kaspersky\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Mozilla\components [2012.12.04 20:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Mozilla\plugins
[2012.02.27 00:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Extensions
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions
[2012.02.28 20:48:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.25 01:07:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\firefox\profiles\7eyjdgvh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O1 HOSTS File: ([2012.12.25 02:00:51 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MS Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] D:\Kaspersky\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] D:\MS Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Lycosa] D:\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [RoccatKone+] D:\Roccat\Kone[+]\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [OfficeSyncProcess] D:\MS Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A7755D0-1803-4600-947F-9B4588296603}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EAB7CF4-9B3F-469F-B762-E4A71E6526B2}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.25 14:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{2DD98775-E9D9-46FD-A231-96F68C7D5814}
[2012.12.25 01:21:52 | 001,039,360 | ---- | C] (iH8sn0w) -- C:\Users\Steffen - Admin\Desktop\iREB-r6.exe
[2012.12.25 01:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.25 01:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 01:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.25 01:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.12.25 01:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.24 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w
[2012.12.24 23:31:30 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{46DFD9A3-97E8-4B4F-B811-D95714279237}
[2012.12.24 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\LogMeIn Hamachi
[2012.12.24 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\.shsh
[2012.12.24 22:26:56 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\redsn0w_win_0.9.15b3
[2012.12.24 10:13:41 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.12.12 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
========== Files - Modified Within 30 Days ==========
[2012.12.25 14:55:56 | 000,000,000 | ---- | M] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 14:42:04 | 000,050,477 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.25 14:01:19 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 14:01:19 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 13:56:32 | 000,000,350 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.12.25 13:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.25 13:53:41 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.25 12:01:02 | 003,282,727 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\ssh_rd_rev-03.jar
[2012.12.25 02:34:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012.12.25 02:00:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.25 01:21:39 | 000,398,686 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\iREB-r6.zip
[2012.12.25 01:17:32 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.24 23:27:27 | 002,599,936 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\tinyumbrella-6.01.01.exe
[2012.12.24 10:23:31 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.12.24 10:13:41 | 000,000,646 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.12.23 10:23:07 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.06 14:02:54 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 14:02:54 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 14:02:54 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 14:02:54 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 14:02:54 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
========== Files Created - No Company Name ==========
[2012.12.25 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:03 | 000,050,477 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 12:00:59 | 003,282,727 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\ssh_rd_rev-03.jar
[2012.12.25 01:21:38 | 000,398,686 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\iREB-r6.zip
[2012.12.25 01:17:32 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 01:16:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.12.24 23:27:25 | 002,599,936 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\tinyumbrella-6.01.01.exe
[2012.12.24 10:13:41 | 000,000,646 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.11.10 21:55:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.09.21 14:29:10 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012.07.20 20:11:57 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.11 20:30:21 | 000,281,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.14 13:51:50 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.14 13:51:47 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.03.14 13:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.03.14 13:51:46 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2012.03.14 13:51:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.03.14 13:51:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.03.14 13:51:00 | 000,000,350 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.03.11 14:15:40 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.27 02:53:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.08.09 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Babylon
[2012.08.09 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\BabylonToolbar
[2012.02.28 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoft
[2012.02.28 20:47:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.22 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\loadtbs
[2012.02.27 00:55:02 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.02.27 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Origin
[2012.12.25 02:55:25 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w
[2012.07.20 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Software4u
[2012.02.27 00:33:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\ts3overlay
========== Purity Check ==========
< End of report >
| Extras: Zitat:
OTL Extras logfile created on: 25.12.2012 14:57:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,92% Memory free
11,98 Gb Paging File | 10,06 Gb Available in Paging File | 83,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 531,81 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052657D-FC73-4D13-9E9A-E7EACB445299}" = lport=137 | protocol=17 | dir=in | app=system |
"{02434681-2B88-43BF-BF5C-D3ED4B5C063F}" = rport=139 | protocol=6 | dir=out | app=system |
"{116C2F68-E911-408A-AD44-3D8DA1C32D50}" = lport=56352 | protocol=6 | dir=in | name=pando media booster |
"{159BEDD4-C8F7-4D50-B946-45BD99639F7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C5404BE-3F91-4871-ADF1-115FB50C8776}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D8A4073-D399-4A6D-814C-2ECECE907924}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{257D7FA9-A8E3-4805-967D-9A6B8587FA04}" = rport=137 | protocol=17 | dir=out | app=system |
"{27C3EA32-A5E0-4F92-9C4C-C25B16E048A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{294E837C-19A1-4DE2-878E-68342B0A4EA7}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C71D156-3BB8-46A4-9391-2E7CE5790054}" = lport=10243 | protocol=6 | dir=in | app=system |
"{38087AE9-2322-41C9-B8E5-F81974F40CFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39A7AC19-0B61-4E7B-935F-1386B039F554}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C39B19D-10A0-47A1-A9C4-2B1911675C35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CDC2EF8-50B1-4C02-824C-FDF4E7D79EDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53DDF956-6347-4A3B-855B-7BA28E9DE4FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{58A818C6-D621-44CA-B504-A9F9A849E71A}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D48E133-0D74-40AF-9BF4-9E500EA7794A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster |
"{7FB6B418-8A78-4654-893B-FD463392D99B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82C20C06-DB9E-4257-A061-799587F302AE}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office\office14\outlook.exe |
"{833CD101-90A3-4662-929A-C6A8C8FFC96B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92308831-60BD-4710-973A-CD702EAD8E1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97E1592B-0ADF-4680-9107-D9F204D6094C}" = lport=139 | protocol=6 | dir=in | app=system |
"{A8DD4282-7A70-452D-BB36-9C0710DF67E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4456700-043A-4E96-A966-0A0536AD7A3A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster |
"{B8562666-BA7D-491D-8236-3917CC2E7382}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EE681849-CDA8-4376-9057-2F80DDF165C2}" = lport=56352 | protocol=6 | dir=in | name=pando media booster |
"{F9DB8A52-AA9B-42C3-87E0-514ECFF2C33E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC8DBD78-DB84-4161-A01A-5C7C0D12A80C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B3853-B029-402F-9EA9-1FA1681C9FB7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0713689F-2CE2-4EAB-8452-D4B9522530FF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{0C50954B-8239-4297-B2E2-008CAC741087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DFA682E-2113-47F2-B587-89AC5A4F36C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{14E54660-1F27-4302-8D27-17575D78AE8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{16E3830A-7D2F-4444-9964-6DCA6DB3E67F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1AD3FB60-50CB-4748-A136-8A8EFC7EA9E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24DD3C1D-CEA8-42E3-8AEF-209CBC1AB514}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{26CD0B9D-B820-4122-85E2-6BC2DFC7D15C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3028457A-58A6-4242-862F-F20C4D8AA50B}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{3111656B-FE8B-47F6-9BC1-6C5A47B0711D}" = protocol=6 | dir=out | app=system |
"{37081F09-AB4A-4CDF-B209-440F5C695284}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3EAD2E93-9123-4D30-A0E2-BD6304727D3C}" = protocol=6 | dir=in | app=d:\ms office\office14\groove.exe |
"{3F5750B9-FFC4-4A0C-BCD2-1B08A07552BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45280D27-ABFB-4BC9-A9A2-099C988D5E81}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{484E721B-CAF6-44F1-ADDB-7E8211DFD823}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{50F5C92E-721A-447F-BAD0-2C4083EF6C24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51864861-3BCD-40D9-A835-76C44ECC5224}" = protocol=17 | dir=in | app=d:\ms office\office14\groove.exe |
"{533C88A2-7272-4F33-A91F-41451284A483}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{554A09E5-2EE9-4CB9-9970-91E1D59C302F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{5F8F4805-45B8-4A94-9521-8F90BE196547}" = protocol=17 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe |
"{618AA65B-0F8C-4BD7-ACAC-EEFBEB5CEECA}" = protocol=17 | dir=in | app=f:\schlacht um mittelerde\game.dat |
"{61CA0DC4-B882-4B46-B841-BAB74A138FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6799F482-E6CE-41B1-A688-F9886EB56C09}" = protocol=6 | dir=in | app=f:\schlacht um mittelerde\game.dat |
"{699F6DC3-CDE5-4FDB-BBFA-A8BFC8965194}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C1111D7-E9B2-4BFD-9A09-FB3D7DB0EDCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73140F80-FB02-42B6-A400-4B14F0E1600D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{73912005-FE77-42AE-9838-90130DDE01E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C655A6E-791D-4ED8-AA57-1A1ADC9F35FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DC44E66-5570-4063-8023-BDE707B66FC1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EE31BEE-8B86-4F4A-8F90-F34D5EF66D5A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{7FF5ACCB-98BB-43B5-8E92-B7D400DFF15C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{81AE36A8-89FC-472F-93C5-BFDC9A981561}" = protocol=6 | dir=in | app=d:\ms office\office14\onenote.exe |
"{84469555-78ED-4CF1-9FEA-25ED60A678D8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8BF51439-CC5D-4D65-9ECF-3CA5A7AB0088}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8EF9CAEF-A7BB-425D-8FD1-1446078765FF}" = protocol=17 | dir=in | app=d:\ms office\office14\onenote.exe |
"{9450EAFE-A816-43C0-9225-61571A074D2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{948754C5-3632-4752-8010-57AD7BD6A8F1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{96F26B31-19A7-4D68-9F20-0E208D511280}" = protocol=6 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe |
"{98B1FA85-AE58-491E-835D-143A4A54E9D6}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{9BBA0001-0C03-4BFC-8927-E28549203155}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9CBC5010-47E3-4F0E-9A16-BBA9323A78B1}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{9CCC1BD6-C171-4429-89EE-6ABBA259C1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A00E78F1-667E-4792-952C-30872B298F46}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A3174C41-1E20-42E6-81C6-E6BC716F5B2B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A44F4599-08C0-4C6B-82D3-E41E33EF83FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A47FFD17-D99F-4752-A351-9AADAAC456C3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{A69B5BB2-5C7F-4DF2-BC1E-D00CF7E53EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{A734FA7D-C9C5-4850-A7B6-4CE5DF11A22C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A760F09E-690C-48F2-A0EC-6FB43C2883F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A90FEB05-790C-44A0-9812-348191B40BDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A9203072-CD42-4000-91C7-01DA6F8E964A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABBF7812-645B-4ACF-871C-F9C85AB8B2EB}" = dir=in | app=d:\itunes\itunes.exe |
"{B2C1FCA5-CCEF-4C0E-8ECB-326FF9295298}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4D22DC0-D395-422A-9391-56540B359EBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98CE722-FA84-40E0-A44D-CAE236C0923F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BC04A8CF-DEFB-42A6-9329-E542A82D187D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{BF2E3393-0C14-45E4-A67A-02054073B0B3}" = protocol=6 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe |
"{C3E2C614-AE3E-470F-B98F-D057091F0B27}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C8D93424-1AC5-46C3-9B45-C13A2881728E}" = protocol=58 | dir=in | app=system |
"{CB03E13A-F18D-4136-B438-9402869BB848}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0602970-F651-4793-B2E1-00F291387F35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1753C99-9073-4D13-A4CF-D6F649959D24}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D76CBFDB-2421-49E1-9238-52F484C02CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D7B5EF6E-AF97-4331-9829-739625D371A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D96F9CFF-C5B9-44B1-90BD-CF63AF01D5DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DAF24222-7756-4C1D-891E-21EAC82CB5F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE5A2FB9-CD4F-43E8-98DC-9E81EBEC5CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2795421-08B5-4B09-AF4F-02B51BF77E2B}" = protocol=17 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe |
"{F213EC1F-A984-4FC5-8048-7F7F6E4F635B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1AA3A0C7-6BEA-4212-A317-76D115641AD4}" = Origin86
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C98F2F1-8921-4F0D-AEBD-029A56C18963}" = Brother HL-3040CN
"{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}" = LEGO® Batman™ 2: DC Super Heroes
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIO_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F15F034C-CF2A-4F78-821D-DBFB519101B4}_is1" = Portal Deluxe Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.5
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Standard)
"loadtbs-2.1" = loadtbs-2.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"Zeus and Poseidon_is1" = Zeus and Poseidon
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 14
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24
[ Cisco AnyConnect VPN Client Events ]
Error - 24.12.2012 19:58:20 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 24.12.2012 19:58:21 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 24.12.2012 20:10:57 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 24.12.2012 20:10:58 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 24.12.2012 21:20:17 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 24.12.2012 21:20:18 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 25.12.2012 06:48:40 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 25.12.2012 06:48:41 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 25.12.2012 08:53:58 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 25.12.2012 08:53:59 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
[ Media Center Events ]
Error - 16.03.2012 13:26:59 | Computer Name = Herbert | Source = MCUpdate | ID = 0
Description = 18:26:57 - Fehler beim Herstellen der Internetverbindung. 18:26:57
- Serververbindung konnte nicht hergestellt werden..
Error - 16.03.2012 13:27:11 | Computer Name = Herbert | Source = MCUpdate | ID = 0
Description = 18:27:06 - Fehler beim Herstellen der Internetverbindung. 18:27:06
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 20.11.2012 17:26:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.
Error - 20.11.2012 17:26:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 28.11.2012 14:11:45 | Computer Name = Herbert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?11.?2012 um 02:45:00 unerwartet heruntergefahren.
Error - 04.12.2012 15:59:20 | Computer Name = Herbert | Source = bowser | ID = 8003
Description =
Error - 06.12.2012 17:13:02 | Computer Name = Herbert | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 12.12.2012 07:21:05 | Computer Name = Herbert | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 12.12.2012 07:21:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.
Error - 12.12.2012 07:21:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 12.12.2012 07:21:47 | Computer Name = Herbert | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LanmanServer erreicht.
Error - 15.12.2012 14:42:00 | Computer Name = Herbert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?12.?2012 um 00:05:16 unerwartet heruntergefahren.
< End of report >
| Falls noch Fragen zum System sind:
Windows 7 Ultimate SP1 64 Bit
Motherboard: MSI X58 Pro-E
CPU: i7 920
Grafik: Nvidia 285 GTX
RAM: 6 GB DDR3 1033 Hz
Schonmal vielen vielen Dank im Vorraus und sorry, dass ich an den Feiertagen nach Hilfe suchen muss.
|
25.12.2012, 15:12
Baum-Darstellung