Trojaner-Board - Claro Search entfernen

Moin und erstmal frohe Weihnachten, ich hatte hier schonmal gute Hilfe gefunden und hoffe das ganze mal wiederholen zu können. Ich hatte gestern einigen Stress mit meinem iPhone und musste, um es booten zu können, gezwungener maßen einige dubiosere Ecken des Netzes durchforsten. Jetzt erscheint jedes mal wenn ich einen neuen Tab öffne die Suchmaske von "Claro Search". Hab jetzt gelesen, dass es sich hierbei um Malware handelt und die einfache Deinstalation, wie hier: hxxp://www.gutefrage.net/frage/claro-search-entfernen beschrieben nicht ausreicht. Deswegen wende ich mich an euch.

Hier mal die Log Files von DeFogger und OTL:

DeFogger:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:56 on 25/12/2012 (Steffen - Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL:

Zitat:

OTL logfile created on: 25.12.2012 14:57:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,92% Memory free
11,98 Gb Paging File | 10,06 Gb Available in Paging File | 83,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 531,81 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Hamachi\hamachi-2-ui.exe
PRC - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- D:\Kaspersky\avp.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- D:\MS Office\Office14\MSOSYNC.EXE
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Roccat\Kone[+]\Kone[+]Monitor.exe
PRC - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
PRC - [2011.03.21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- D:\Razer\Lycosa\razerhid.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008.10.20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\Brnipmon.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- D:\Kaspersky\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- D:\Kaspersky\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- D:\Kaspersky\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- D:\Kaspersky\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- D:\Kaspersky\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- D:\Kaspersky\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- D:\Kaspersky\imageformats\qgif4.dll
MOD - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Roccat\Kone[+]\hiddriver.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 12:21:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- D:\Kaspersky\avp.exe -- (AVP)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\MS Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.28 15:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.31 18:01:28 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.29 14:35:40 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.08.02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=HP_ss&mntrId=be18ed110000000000000024219c3590
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=113480&tt=090812_clr_3212_8&babsrc=SP_ss&mntrId=be18ed110000000000000024219c3590
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=KW_ss&mntrId=be18ed110000000000000024219c3590&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Kaspersky\FFExt\linkfilter@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Kaspersky\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Kaspersky\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Mozilla\components [2012.12.04 20:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Mozilla\plugins

[2012.02.27 00:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Extensions
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions
[2012.02.28 20:48:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.25 01:07:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\firefox\profiles\7eyjdgvh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2012.12.25 02:00:51 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MS Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] D:\Kaspersky\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] D:\MS Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Lycosa] D:\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [RoccatKone+] D:\Roccat\Kone[+]\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [OfficeSyncProcess] D:\MS Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A7755D0-1803-4600-947F-9B4588296603}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EAB7CF4-9B3F-469F-B762-E4A71E6526B2}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.25 14:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{2DD98775-E9D9-46FD-A231-96F68C7D5814}
[2012.12.25 01:21:52 | 001,039,360 | ---- | C] (iH8sn0w) -- C:\Users\Steffen - Admin\Desktop\iREB-r6.exe
[2012.12.25 01:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.25 01:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 01:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.25 01:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.12.25 01:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.24 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w
[2012.12.24 23:31:30 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{46DFD9A3-97E8-4B4F-B811-D95714279237}
[2012.12.24 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\LogMeIn Hamachi
[2012.12.24 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\.shsh
[2012.12.24 22:26:56 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\redsn0w_win_0.9.15b3
[2012.12.24 10:13:41 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.12.12 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

========== Files - Modified Within 30 Days ==========

[2012.12.25 14:55:56 | 000,000,000 | ---- | M] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe
[2012.12.25 14:42:04 | 000,050,477 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.25 14:01:19 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 14:01:19 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 13:56:32 | 000,000,350 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.12.25 13:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.25 13:53:41 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.25 12:01:02 | 003,282,727 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\ssh_rd_rev-03.jar
[2012.12.25 02:34:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012.12.25 02:00:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.25 01:21:39 | 000,398,686 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\iREB-r6.zip
[2012.12.25 01:17:32 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.24 23:27:27 | 002,599,936 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\tinyumbrella-6.01.01.exe
[2012.12.24 10:23:31 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.12.24 10:13:41 | 000,000,646 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.12.23 10:23:07 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.06 14:02:54 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.06 14:02:54 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.06 14:02:54 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.06 14:02:54 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.06 14:02:54 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012.12.25 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Steffen - Admin\defogger_reenable
[2012.12.25 14:42:03 | 000,050,477 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe
[2012.12.25 12:00:59 | 003,282,727 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\ssh_rd_rev-03.jar
[2012.12.25 01:21:38 | 000,398,686 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\iREB-r6.zip
[2012.12.25 01:17:32 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 01:16:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.12.24 23:27:25 | 002,599,936 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\tinyumbrella-6.01.01.exe
[2012.12.24 10:13:41 | 000,000,646 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk
[2012.12.24 10:13:41 | 000,000,582 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk
[2012.11.10 21:55:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.09.21 14:29:10 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012.07.20 20:11:57 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.11 20:30:21 | 000,281,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.14 13:51:50 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.14 13:51:47 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.03.14 13:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.03.14 13:51:46 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2012.03.14 13:51:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.03.14 13:51:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.03.14 13:51:00 | 000,000,350 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.03.11 14:15:40 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.27 02:53:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.08.09 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Babylon
[2012.08.09 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\BabylonToolbar
[2012.02.28 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoft
[2012.02.28 20:47:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.22 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\loadtbs
[2012.02.27 00:55:02 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2012.02.27 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Origin
[2012.12.25 02:55:25 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w
[2012.07.20 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\Software4u
[2012.02.27 00:33:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen - Admin\AppData\Roaming\ts3overlay

========== Purity Check ==========

< End of report >

Extras:

Zitat:

OTL Extras logfile created on: 25.12.2012 14:57:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steffen - Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,92% Memory free
11,98 Gb Paging File | 10,06 Gb Available in Paging File | 83,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 745,42 Gb Total Space | 531,81 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052657D-FC73-4D13-9E9A-E7EACB445299}" = lport=137 | protocol=17 | dir=in | app=system |
"{02434681-2B88-43BF-BF5C-D3ED4B5C063F}" = rport=139 | protocol=6 | dir=out | app=system |
"{116C2F68-E911-408A-AD44-3D8DA1C32D50}" = lport=56352 | protocol=6 | dir=in | name=pando media booster |
"{159BEDD4-C8F7-4D50-B946-45BD99639F7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C5404BE-3F91-4871-ADF1-115FB50C8776}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D8A4073-D399-4A6D-814C-2ECECE907924}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{257D7FA9-A8E3-4805-967D-9A6B8587FA04}" = rport=137 | protocol=17 | dir=out | app=system |
"{27C3EA32-A5E0-4F92-9C4C-C25B16E048A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{294E837C-19A1-4DE2-878E-68342B0A4EA7}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C71D156-3BB8-46A4-9391-2E7CE5790054}" = lport=10243 | protocol=6 | dir=in | app=system |
"{38087AE9-2322-41C9-B8E5-F81974F40CFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39A7AC19-0B61-4E7B-935F-1386B039F554}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C39B19D-10A0-47A1-A9C4-2B1911675C35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CDC2EF8-50B1-4C02-824C-FDF4E7D79EDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53DDF956-6347-4A3B-855B-7BA28E9DE4FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{58A818C6-D621-44CA-B504-A9F9A849E71A}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D48E133-0D74-40AF-9BF4-9E500EA7794A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster |
"{7FB6B418-8A78-4654-893B-FD463392D99B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82C20C06-DB9E-4257-A061-799587F302AE}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office\office14\outlook.exe |
"{833CD101-90A3-4662-929A-C6A8C8FFC96B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92308831-60BD-4710-973A-CD702EAD8E1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97E1592B-0ADF-4680-9107-D9F204D6094C}" = lport=139 | protocol=6 | dir=in | app=system |
"{A8DD4282-7A70-452D-BB36-9C0710DF67E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4456700-043A-4E96-A966-0A0536AD7A3A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster |
"{B8562666-BA7D-491D-8236-3917CC2E7382}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EE681849-CDA8-4376-9057-2F80DDF165C2}" = lport=56352 | protocol=6 | dir=in | name=pando media booster |
"{F9DB8A52-AA9B-42C3-87E0-514ECFF2C33E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC8DBD78-DB84-4161-A01A-5C7C0D12A80C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B3853-B029-402F-9EA9-1FA1681C9FB7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0713689F-2CE2-4EAB-8452-D4B9522530FF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{0C50954B-8239-4297-B2E2-008CAC741087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DFA682E-2113-47F2-B587-89AC5A4F36C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{14E54660-1F27-4302-8D27-17575D78AE8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{16E3830A-7D2F-4444-9964-6DCA6DB3E67F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1AD3FB60-50CB-4748-A136-8A8EFC7EA9E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24DD3C1D-CEA8-42E3-8AEF-209CBC1AB514}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{26CD0B9D-B820-4122-85E2-6BC2DFC7D15C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3028457A-58A6-4242-862F-F20C4D8AA50B}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{3111656B-FE8B-47F6-9BC1-6C5A47B0711D}" = protocol=6 | dir=out | app=system |
"{37081F09-AB4A-4CDF-B209-440F5C695284}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3EAD2E93-9123-4D30-A0E2-BD6304727D3C}" = protocol=6 | dir=in | app=d:\ms office\office14\groove.exe |
"{3F5750B9-FFC4-4A0C-BCD2-1B08A07552BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45280D27-ABFB-4BC9-A9A2-099C988D5E81}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{484E721B-CAF6-44F1-ADDB-7E8211DFD823}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{50F5C92E-721A-447F-BAD0-2C4083EF6C24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51864861-3BCD-40D9-A835-76C44ECC5224}" = protocol=17 | dir=in | app=d:\ms office\office14\groove.exe |
"{533C88A2-7272-4F33-A91F-41451284A483}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{554A09E5-2EE9-4CB9-9970-91E1D59C302F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{5F8F4805-45B8-4A94-9521-8F90BE196547}" = protocol=17 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe |
"{618AA65B-0F8C-4BD7-ACAC-EEFBEB5CEECA}" = protocol=17 | dir=in | app=f:\schlacht um mittelerde\game.dat |
"{61CA0DC4-B882-4B46-B841-BAB74A138FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6799F482-E6CE-41B1-A688-F9886EB56C09}" = protocol=6 | dir=in | app=f:\schlacht um mittelerde\game.dat |
"{699F6DC3-CDE5-4FDB-BBFA-A8BFC8965194}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C1111D7-E9B2-4BFD-9A09-FB3D7DB0EDCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73140F80-FB02-42B6-A400-4B14F0E1600D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{73912005-FE77-42AE-9838-90130DDE01E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C655A6E-791D-4ED8-AA57-1A1ADC9F35FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DC44E66-5570-4063-8023-BDE707B66FC1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EE31BEE-8B86-4F4A-8F90-F34D5EF66D5A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{7FF5ACCB-98BB-43B5-8E92-B7D400DFF15C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{81AE36A8-89FC-472F-93C5-BFDC9A981561}" = protocol=6 | dir=in | app=d:\ms office\office14\onenote.exe |
"{84469555-78ED-4CF1-9FEA-25ED60A678D8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8BF51439-CC5D-4D65-9ECF-3CA5A7AB0088}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8EF9CAEF-A7BB-425D-8FD1-1446078765FF}" = protocol=17 | dir=in | app=d:\ms office\office14\onenote.exe |
"{9450EAFE-A816-43C0-9225-61571A074D2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{948754C5-3632-4752-8010-57AD7BD6A8F1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{96F26B31-19A7-4D68-9F20-0E208D511280}" = protocol=6 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe |
"{98B1FA85-AE58-491E-835D-143A4A54E9D6}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{9BBA0001-0C03-4BFC-8927-E28549203155}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9CBC5010-47E3-4F0E-9A16-BBA9323A78B1}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{9CCC1BD6-C171-4429-89EE-6ABBA259C1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A00E78F1-667E-4792-952C-30872B298F46}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A3174C41-1E20-42E6-81C6-E6BC716F5B2B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A44F4599-08C0-4C6B-82D3-E41E33EF83FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A47FFD17-D99F-4752-A351-9AADAAC456C3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{A69B5BB2-5C7F-4DF2-BC1E-D00CF7E53EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{A734FA7D-C9C5-4850-A7B6-4CE5DF11A22C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A760F09E-690C-48F2-A0EC-6FB43C2883F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A90FEB05-790C-44A0-9812-348191B40BDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A9203072-CD42-4000-91C7-01DA6F8E964A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABBF7812-645B-4ACF-871C-F9C85AB8B2EB}" = dir=in | app=d:\itunes\itunes.exe |
"{B2C1FCA5-CCEF-4C0E-8ECB-326FF9295298}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4D22DC0-D395-422A-9391-56540B359EBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98CE722-FA84-40E0-A44D-CAE236C0923F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BC04A8CF-DEFB-42A6-9329-E542A82D187D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{BF2E3393-0C14-45E4-A67A-02054073B0B3}" = protocol=6 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe |
"{C3E2C614-AE3E-470F-B98F-D057091F0B27}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C8D93424-1AC5-46C3-9B45-C13A2881728E}" = protocol=58 | dir=in | app=system |
"{CB03E13A-F18D-4136-B438-9402869BB848}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0602970-F651-4793-B2E1-00F291387F35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1753C99-9073-4D13-A4CF-D6F649959D24}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{D76CBFDB-2421-49E1-9238-52F484C02CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D7B5EF6E-AF97-4331-9829-739625D371A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D96F9CFF-C5B9-44B1-90BD-CF63AF01D5DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DAF24222-7756-4C1D-891E-21EAC82CB5F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE5A2FB9-CD4F-43E8-98DC-9E81EBEC5CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2795421-08B5-4B09-AF4F-02B51BF77E2B}" = protocol=17 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe |
"{F213EC1F-A984-4FC5-8048-7F7F6E4F635B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1AA3A0C7-6BEA-4212-A317-76D115641AD4}" = Origin86
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C98F2F1-8921-4F0D-AEBD-029A56C18963}" = Brother HL-3040CN
"{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}" = LEGO® Batman™ 2: DC Super Heroes
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIO_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F15F034C-CF2A-4F78-821D-DBFB519101B4}_is1" = Portal Deluxe Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.5
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Standard)
"loadtbs-2.1" = loadtbs-2.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
"Zeus and Poseidon_is1" = Zeus and Poseidon

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 14

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 24.12.2012 18:18:23 | Computer Name = Herbert | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

[ Cisco AnyConnect VPN Client Events ]
Error - 24.12.2012 19:58:20 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 24.12.2012 19:58:21 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 24.12.2012 20:10:57 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 24.12.2012 20:10:58 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 24.12.2012 21:20:17 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 24.12.2012 21:20:18 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 25.12.2012 06:48:40 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 25.12.2012 06:48:41 | Computer Name = Herbert | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

Error - 25.12.2012 08:53:58 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.

Error - 25.12.2012 08:53:59 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory

[ Media Center Events ]
Error - 16.03.2012 13:26:59 | Computer Name = Herbert | Source = MCUpdate | ID = 0
Description = 18:26:57 - Fehler beim Herstellen der Internetverbindung. 18:26:57
- Serververbindung konnte nicht hergestellt werden..

Error - 16.03.2012 13:27:11 | Computer Name = Herbert | Source = MCUpdate | ID = 0
Description = 18:27:06 - Fehler beim Herstellen der Internetverbindung. 18:27:06
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 20.11.2012 17:26:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.

Error - 20.11.2012 17:26:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 28.11.2012 14:11:45 | Computer Name = Herbert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?11.?2012 um 02:45:00 unerwartet heruntergefahren.

Error - 04.12.2012 15:59:20 | Computer Name = Herbert | Source = bowser | ID = 8003
Description =

Error - 06.12.2012 17:13:02 | Computer Name = Herbert | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12.12.2012 07:21:05 | Computer Name = Herbert | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 12.12.2012 07:21:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.

Error - 12.12.2012 07:21:06 | Computer Name = Herbert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 12.12.2012 07:21:47 | Computer Name = Herbert | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LanmanServer erreicht.

Error - 15.12.2012 14:42:00 | Computer Name = Herbert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?12.?2012 um 00:05:16 unerwartet heruntergefahren.

< End of report >

Falls noch Fragen zum System sind:

Windows 7 Ultimate SP1 64 Bit
Motherboard: MSI X58 Pro-E
CPU: i7 920
Grafik: Nvidia 285 GTX
RAM: 6 GB DDR3 1033 Hz

Schonmal vielen vielen Dank im Vorraus und sorry, dass ich an den Feiertagen nach Hilfe suchen muss.

So:

ADW:

Zitat:

# AdwCleaner v2.103 - Datei am 26/12/2012 um 20:22:55 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Steffen - Admin - HERBERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steffen - Admin\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\STEFFE~1\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Steffen - Admin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Steffen - Admin\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\Steffen - Admin\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\Steffen\AppData\LocalLow\AskToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKU\S-1-5-21-770739208-383876241-156322460-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=HP_ss&mntrId=be18ed110000000000000024219c3590 --> hxxp://www.google.com

-\\ Mozilla Firefox v10.0.2 (de)

Datei : C:\Users\Steffen - Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7eyjdgvh.default\prefs.js

C:\Users\Steffen - Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7eyjdgvh.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babs[...]
Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=113480&tt=090[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "be18ed110000000000000024219c3590");
Gelöscht : user_pref("extensions.claro.instlDay", "15561");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.vrsn", "1.6.4.1");
Gelöscht : user_pref("extensions.claro.vrsni", "1.6.4.1");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.6.4.121:13:36");
Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/claro");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=113480&tt=090812_clr_3212_8&babsrc=KW_s[...]

Datei : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\t3vdfymy.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4207 octets] - [26/12/2012 20:22:55]

########## EOF - C:\AdwCleaner[S1].txt - [4267 octets] ##########

JRT

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.5 (12.24.2012:1)
OS: Windows 7 Ultimate x64
Ran by Steffen - Admin on 26.12.2012 at 20:29:12,97
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Steffen - Admin\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Steffen - Admin\AppData\Roaming\software4u"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.12.2012 at 20:39:01,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL
OTL Logfile:

Code:

OTL logfile created on: 26.12.2012 20:48:15 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen - Admin\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,99 Gb Total Physical Memory | 3,96 Gb Available Physical Memory | 66,07% Memory free

11,98 Gb Paging File | 9,82 Gb Available in Paging File | 81,97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 745,42 Gb Total Space | 530,30 Gb Free Space | 71,14% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS

Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS

Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS

Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

 

Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe

PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- D:\Hamachi\hamachi-2-ui.exe

PRC - [2012.12.04 20:48:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- D:\Mozilla\firefox.exe

PRC - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

PRC - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- D:\Kaspersky\avp.exe

PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012.01.20 20:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- D:\MS Office\Office14\MSOSYNC.EXE

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- D:\Roccat\Kone[+]\Kone[+]Monitor.exe

PRC - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe

PRC - [2011.03.21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- D:\Razer\Lycosa\razerhid.exe

PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe

PRC - [2008.10.20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brownie\Brnipmon.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012.11.17 22:32:52 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- D:\Kaspersky\qtgui4.dll

MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- D:\Kaspersky\qtsql4.dll

MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- D:\Kaspersky\qtscript4.dll

MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- D:\Kaspersky\qtnetwork4.dll

MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- D:\Kaspersky\qtcore4.dll

MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- D:\Kaspersky\qtdeclarative4.dll

MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- D:\Kaspersky\imageformats\qgif4.dll

MOD - [2011.04.13 11:46:28 | 000,110,592 | ---- | M] () -- D:\Razer\Lycosa\razertra.exe

MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- D:\Roccat\Kone[+]\hiddriver.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.12.12 12:21:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012.10.31 18:01:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- D:\Kaspersky\avp.exe -- (AVP)

SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\MS Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2012.02.27 03:05:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.08.29 14:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.07.28 15:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.10.31 18:01:28 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.08.29 14:35:40 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011.08.02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.10.01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)

DRV:64bit: - [2010.09.08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)

DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2007.05.09 21:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007.05.09 21:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2007.05.09 21:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Kaspersky\FFExt\linkfilter@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Kaspersky\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: D:\Kaspersky\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 18:01:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Mozilla\components [2012.12.04 20:48:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Mozilla\plugins

 

[2012.02.27 00:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Extensions

[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions

[2012.02.28 20:48:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.12.25 01:11:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\Firefox\Profiles\7eyjdgvh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012.12.25 01:07:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Steffen - Admin\AppData\Roaming\mozilla\firefox\profiles\7eyjdgvh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

 

O1 HOSTS File: ([2012.12.25 02:00:51 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MS Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] D:\Kaspersky\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [BCSSync] D:\MS Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Lycosa] D:\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)

O4 - HKLM..\Run: [RoccatKone+] D:\Roccat\Kone[+]\Kone[+]Monitor.EXE (ROCCAT GmbH)

O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)

O4 - HKLM..\Run: [VirtualCloneDrive] D:\Virtual Clone\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

O4 - HKCU..\Run: [OfficeSyncProcess] D:\MS Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: An OneNote s&enden - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen - Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Kaspersky\ie_banner_deny.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Kaspersky\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Kaspersky\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A7755D0-1803-4600-947F-9B4588296603}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EAB7CF4-9B3F-469F-B762-E4A71E6526B2}: DhcpNameServer = 193.189.244.225 193.189.244.206

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\MS Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{789f2aa9-60b7-11e1-9b23-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.26 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\Log Files 2

[2012.12.26 20:29:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012.12.26 20:29:02 | 000,000,000 | ---D | C] -- C:\JRT

[2012.12.26 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\Log Files 1

[2012.12.26 20:20:42 | 000,496,364 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Steffen - Admin\Desktop\JRT.exe

[2012.12.26 20:17:06 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{5196AABB-F663-4EBB-828B-897575D82F8B}

[2012.12.25 19:54:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\Desktop\redsn0w_win_0.9.15b3

[2012.12.25 19:34:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\.minecraft

[2012.12.25 14:42:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe

[2012.12.25 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{2DD98775-E9D9-46FD-A231-96F68C7D5814}

[2012.12.25 01:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.12.25 01:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012.12.25 01:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012.12.25 01:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012.12.25 01:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.12.25 01:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012.12.25 01:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012.12.24 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\redsn0w

[2012.12.24 23:31:30 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\{46DFD9A3-97E8-4B4F-B811-D95714279237}

[2012.12.24 23:30:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Local\LogMeIn Hamachi

[2012.12.24 23:29:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\.shsh

[2012.12.24 21:40:33 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2012.12.24 10:13:41 | 000,000,000 | ---D | C] -- C:\Users\Steffen - Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView

[2012.12.22 16:52:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012.12.22 16:52:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012.12.22 16:52:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012.12.22 16:52:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012.12.14 00:02:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.12.14 00:02:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.12.14 00:02:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.12.14 00:02:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.12.14 00:02:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.12.14 00:02:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.12.14 00:02:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.12.14 00:02:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.12.14 00:01:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.12.14 00:01:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.12.14 00:01:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.12.14 00:01:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.12.14 00:01:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.12.14 00:01:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.12.14 00:01:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.12.13 19:57:27 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012.12.13 19:57:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012.12.13 19:57:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012.12.13 19:57:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012.12.13 19:57:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012.12.13 19:57:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012.12.13 19:57:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012.12.13 19:57:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012.12.13 19:57:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012.12.13 19:57:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012.12.13 19:57:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012.12.13 19:57:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012.12.13 19:57:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012.12.13 19:57:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012.12.13 19:57:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012.12.13 19:57:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012.12.13 19:57:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012.12.13 19:57:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012.12.13 19:57:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012.12.13 19:57:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2012.12.13 19:57:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2012.12.12 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.26 20:33:07 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.26 20:33:07 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.26 20:26:26 | 000,000,350 | ---- | M] () -- C:\Windows\Brownie.ini

[2012.12.26 20:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.26 20:25:34 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.26 20:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.26 20:20:46 | 000,496,364 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Steffen - Admin\Desktop\JRT.exe

[2012.12.26 20:19:59 | 000,550,017 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\adwcleaner.exe

[2012.12.25 20:05:32 | 930,639,149 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\iPhone3,1_6.0.1_10A523_Restore.ipsw

[2012.12.25 14:55:56 | 000,000,000 | ---- | M] () -- C:\Users\Steffen - Admin\defogger_reenable

[2012.12.25 14:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen - Admin\Desktop\OTL.exe

[2012.12.25 14:42:04 | 000,050,477 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe

[2012.12.25 02:34:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella

[2012.12.25 02:00:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.12.25 01:17:32 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.12.24 10:23:31 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012.12.24 10:13:41 | 000,000,646 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk

[2012.12.24 10:13:41 | 000,000,582 | ---- | M] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk

[2012.12.23 10:23:07 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012.12.20 22:13:09 | 000,281,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012.12.12 12:21:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.12.12 12:21:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.12.06 14:02:54 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.06 14:02:54 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.06 14:02:54 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.06 14:02:54 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.06 14:02:54 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

 
 ========== Files Created - No Company Name ==========

 

[2012.12.26 20:19:53 | 000,550,017 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\adwcleaner.exe

[2012.12.25 19:56:06 | 930,639,149 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\iPhone3,1_6.0.1_10A523_Restore.ipsw

[2012.12.25 14:55:56 | 000,000,000 | ---- | C] () -- C:\Users\Steffen - Admin\defogger_reenable

[2012.12.25 14:42:03 | 000,050,477 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\Defogger.exe

[2012.12.25 01:17:32 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.12.25 01:16:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012.12.24 10:13:41 | 000,000,646 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView Thumbnails.lnk

[2012.12.24 10:13:41 | 000,000,582 | ---- | C] () -- C:\Users\Steffen - Admin\Desktop\IrfanView.lnk

[2012.11.10 21:55:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2012.09.21 14:29:10 | 000,000,040 | ---- | C] () -- C:\Windows\nfsc_patch.ini

[2012.07.20 20:11:57 | 001,589,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.07.11 20:30:21 | 000,281,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.03.14 13:51:50 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012.03.14 13:51:47 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI

[2012.03.14 13:51:47 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini

[2012.03.14 13:51:46 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI

[2012.03.14 13:51:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL

[2012.03.14 13:51:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

[2012.03.14 13:51:00 | 000,000,350 | ---- | C] () -- C:\Windows\Brownie.ini

[2012.03.11 14:15:40 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.02.27 02:53:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

--- --- ---

Extras:
OTL Logfile:

Code:

OTL Extras logfile created on: 26.12.2012 20:48:15 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen - Admin\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,99 Gb Total Physical Memory | 3,96 Gb Available Physical Memory | 66,07% Memory free

11,98 Gb Paging File | 9,82 Gb Available in Paging File | 81,97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 745,42 Gb Total Space | 530,30 Gb Free Space | 71,14% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 141,03 Gb Free Space | 96,27% Space Free | Partition Type: NTFS

Drive E: | 114,73 Gb Total Space | 57,70 Gb Free Space | 50,29% Space Free | Partition Type: NTFS

Drive F: | 292,97 Gb Total Space | 203,46 Gb Free Space | 69,45% Space Free | Partition Type: NTFS

Drive G: | 97,66 Gb Total Space | 97,51 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

 

Computer Name: HERBERT | User Name: Steffen - Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Mozilla\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)

Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)

Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0052657D-FC73-4D13-9E9A-E7EACB445299}" = lport=137 | protocol=17 | dir=in | app=system | 

"{02434681-2B88-43BF-BF5C-D3ED4B5C063F}" = rport=139 | protocol=6 | dir=out | app=system | 

"{116C2F68-E911-408A-AD44-3D8DA1C32D50}" = lport=56352 | protocol=6 | dir=in | name=pando media booster | 

"{159BEDD4-C8F7-4D50-B946-45BD99639F7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{1C5404BE-3F91-4871-ADF1-115FB50C8776}" = rport=138 | protocol=17 | dir=out | app=system | 

"{1D8A4073-D399-4A6D-814C-2ECECE907924}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{257D7FA9-A8E3-4805-967D-9A6B8587FA04}" = rport=137 | protocol=17 | dir=out | app=system | 

"{27C3EA32-A5E0-4F92-9C4C-C25B16E048A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{294E837C-19A1-4DE2-878E-68342B0A4EA7}" = lport=445 | protocol=6 | dir=in | app=system | 

"{2C71D156-3BB8-46A4-9391-2E7CE5790054}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{38087AE9-2322-41C9-B8E5-F81974F40CFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{39A7AC19-0B61-4E7B-935F-1386B039F554}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{4C39B19D-10A0-47A1-A9C4-2B1911675C35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{4CDC2EF8-50B1-4C02-824C-FDF4E7D79EDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{53DDF956-6347-4A3B-855B-7BA28E9DE4FD}" = rport=445 | protocol=6 | dir=out | app=system | 

"{58A818C6-D621-44CA-B504-A9F9A849E71A}" = lport=138 | protocol=17 | dir=in | app=system | 

"{5D48E133-0D74-40AF-9BF4-9E500EA7794A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster | 

"{7FB6B418-8A78-4654-893B-FD463392D99B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{82C20C06-DB9E-4257-A061-799587F302AE}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office\office14\outlook.exe | 

"{833CD101-90A3-4662-929A-C6A8C8FFC96B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{92308831-60BD-4710-973A-CD702EAD8E1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{97E1592B-0ADF-4680-9107-D9F204D6094C}" = lport=139 | protocol=6 | dir=in | app=system | 

"{A8DD4282-7A70-452D-BB36-9C0710DF67E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B4456700-043A-4E96-A966-0A0536AD7A3A}" = lport=56352 | protocol=17 | dir=in | name=pando media booster | 

"{B8562666-BA7D-491D-8236-3917CC2E7382}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{EE681849-CDA8-4376-9057-2F80DDF165C2}" = lport=56352 | protocol=6 | dir=in | name=pando media booster | 

"{F9DB8A52-AA9B-42C3-87E0-514ECFF2C33E}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{FC8DBD78-DB84-4161-A01A-5C7C0D12A80C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{015B3853-B029-402F-9EA9-1FA1681C9FB7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{0713689F-2CE2-4EAB-8452-D4B9522530FF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 

"{073223CB-71EA-4726-B955-95DBB0C554D9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 

"{0C50954B-8239-4297-B2E2-008CAC741087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0DFA682E-2113-47F2-B587-89AC5A4F36C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{14E54660-1F27-4302-8D27-17575D78AE8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{16E3830A-7D2F-4444-9964-6DCA6DB3E67F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{1AD3FB60-50CB-4748-A136-8A8EFC7EA9E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{24DD3C1D-CEA8-42E3-8AEF-209CBC1AB514}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{26CD0B9D-B820-4122-85E2-6BC2DFC7D15C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{3028457A-58A6-4242-862F-F20C4D8AA50B}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 

"{3111656B-FE8B-47F6-9BC1-6C5A47B0711D}" = protocol=6 | dir=out | app=system | 

"{37081F09-AB4A-4CDF-B209-440F5C695284}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{3EAD2E93-9123-4D30-A0E2-BD6304727D3C}" = protocol=6 | dir=in | app=d:\ms office\office14\groove.exe | 

"{3F5750B9-FFC4-4A0C-BCD2-1B08A07552BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{45280D27-ABFB-4BC9-A9A2-099C988D5E81}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 

"{484E721B-CAF6-44F1-ADDB-7E8211DFD823}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 

"{50F5C92E-721A-447F-BAD0-2C4083EF6C24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{51864861-3BCD-40D9-A835-76C44ECC5224}" = protocol=17 | dir=in | app=d:\ms office\office14\groove.exe | 

"{533C88A2-7272-4F33-A91F-41451284A483}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{554A09E5-2EE9-4CB9-9970-91E1D59C302F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 

"{5F8F4805-45B8-4A94-9521-8F90BE196547}" = protocol=17 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe | 

"{618AA65B-0F8C-4BD7-ACAC-EEFBEB5CEECA}" = protocol=17 | dir=in | app=f:\schlacht um mittelerde\game.dat | 

"{61CA0DC4-B882-4B46-B841-BAB74A138FF6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{6799F482-E6CE-41B1-A688-F9886EB56C09}" = protocol=6 | dir=in | app=f:\schlacht um mittelerde\game.dat | 

"{699F6DC3-CDE5-4FDB-BBFA-A8BFC8965194}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{6C1111D7-E9B2-4BFD-9A09-FB3D7DB0EDCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{73140F80-FB02-42B6-A400-4B14F0E1600D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{73912005-FE77-42AE-9838-90130DDE01E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7C655A6E-791D-4ED8-AA57-1A1ADC9F35FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7DC44E66-5570-4063-8023-BDE707B66FC1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{7FF5ACCB-98BB-43B5-8E92-B7D400DFF15C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{81AE36A8-89FC-472F-93C5-BFDC9A981561}" = protocol=6 | dir=in | app=d:\ms office\office14\onenote.exe | 

"{84469555-78ED-4CF1-9FEA-25ED60A678D8}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{8BF51439-CC5D-4D65-9ECF-3CA5A7AB0088}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{8EF9CAEF-A7BB-425D-8FD1-1446078765FF}" = protocol=17 | dir=in | app=d:\ms office\office14\onenote.exe | 

"{9450EAFE-A816-43C0-9225-61571A074D2A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{948754C5-3632-4752-8010-57AD7BD6A8F1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 

"{96F26B31-19A7-4D68-9F20-0E208D511280}" = protocol=6 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe | 

"{98B1FA85-AE58-491E-835D-143A4A54E9D6}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 

"{9BBA0001-0C03-4BFC-8927-E28549203155}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{9CBC5010-47E3-4F0E-9A16-BBA9323A78B1}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 

"{9CCC1BD6-C171-4429-89EE-6ABBA259C1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{A00E78F1-667E-4792-952C-30872B298F46}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{A3174C41-1E20-42E6-81C6-E6BC716F5B2B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{A44F4599-08C0-4C6B-82D3-E41E33EF83FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{A47FFD17-D99F-4752-A351-9AADAAC456C3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 

"{A69B5BB2-5C7F-4DF2-BC1E-D00CF7E53EC2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 

"{A734FA7D-C9C5-4850-A7B6-4CE5DF11A22C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{A760F09E-690C-48F2-A0EC-6FB43C2883F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{A90FEB05-790C-44A0-9812-348191B40BDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{A9203072-CD42-4000-91C7-01DA6F8E964A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{ABBF7812-645B-4ACF-871C-F9C85AB8B2EB}" = dir=in | app=d:\itunes\itunes.exe | 

"{B2C1FCA5-CCEF-4C0E-8ECB-326FF9295298}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{B4D22DC0-D395-422A-9391-56540B359EBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{B98CE722-FA84-40E0-A44D-CAE236C0923F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{BC04A8CF-DEFB-42A6-9329-E542A82D187D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{BF171A89-B200-4324-8F73-0D8A9255B870}" = protocol=58 | dir=in | app=system | 

"{BF2E3393-0C14-45E4-A67A-02054073B0B3}" = protocol=6 | dir=in | app=f:\battlefield\battlefield 3\fifa 13 demo\game\fifa13_demo.exe | 

"{C3E2C614-AE3E-470F-B98F-D057091F0B27}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{CB03E13A-F18D-4136-B438-9402869BB848}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D0602970-F651-4793-B2E1-00F291387F35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D1753C99-9073-4D13-A4CF-D6F649959D24}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 

"{D76CBFDB-2421-49E1-9238-52F484C02CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{D7B5EF6E-AF97-4331-9829-739625D371A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{D96F9CFF-C5B9-44B1-90BD-CF63AF01D5DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{DAF24222-7756-4C1D-891E-21EAC82CB5F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{DE5A2FB9-CD4F-43E8-98DC-9E81EBEC5CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{E2795421-08B5-4B09-AF4F-02B51BF77E2B}" = protocol=17 | dir=in | app=f:\fifa 13\fifa 13\game\fifa13.exe | 

"{F213EC1F-A984-4FC5-8048-7F7F6E4F635B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 

"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)

"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager

"GIMP-2_is1" = GIMP 2.8.2

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"WinRAR archiver" = WinRAR 4.20 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi

"{1AA3A0C7-6BEA-4212-A317-76D115641AD4}" = Origin86

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)

"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo

"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C98F2F1-8921-4F0D-AEBD-029A56C18963}" = Brother HL-3040CN

"{4E2EA555-3DAE-4BE1-96BF-6A632ACFE8DE}" = LEGO® Batman™ 2: DC Super Heroes

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010

"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIO_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010

"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™

"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa

"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F15F034C-CF2A-4F78-821D-DBFB519101B4}_is1" = Portal Deluxe Edition

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"5513-1208-7298-9440" = JDownloader 0.9

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Avidemux 2.5 (64-bit)" = Avidemux 2.5

"Battlelog Web Plugins" = Battlelog Web Plugins

"ESN Sonar-0.70.4" = ESN Sonar

"Fraps" = Fraps (remove only)

"Free Studio_is1" = Free Studio version 5.3.5

"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 3.0

"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Standard)

"loadtbs-2.1" = loadtbs-2.1

"LogMeIn Hamachi" = LogMeIn Hamachi

"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Office14.VISIO" = Microsoft Visio Premium 2010

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"Smart File Advisor_is1" = Smart File Advisor 1.1.1

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 2.0.0

"WinLiveSuite" = Windows Live Essentials

"Zeus and Poseidon_is1" = Zeus and Poseidon

 
 ========== Last 20 Event Log Errors ==========

 

[ Cisco AnyConnect VPN Client Events ]

Error - 25.12.2012 06:48:40 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp

Line:

 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:

 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  

 

Error - 25.12.2012 06:48:41 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei

 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw

Error:

 No such file or directory

 

Error - 25.12.2012 08:53:58 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp

Line:

 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:

 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  

 

Error - 25.12.2012 08:53:59 | Computer Name = HERBERT | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei

 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw

Error:

 No such file or directory

 

Error - 25.12.2012 13:51:30 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp

Line:

 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:

 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  

 

Error - 25.12.2012 13:51:31 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei

 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw

Error:

 No such file or directory

 

Error - 26.12.2012 15:15:51 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp

Line:

 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:

 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  

 

Error - 26.12.2012 15:15:52 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei

 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw

Error:

 No such file or directory

 

Error - 26.12.2012 15:25:47 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp

Line:

 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:

 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  

 

Error - 26.12.2012 15:25:48 | Computer Name = Herbert | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei

 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw

Error:

 No such file or directory

 

 

< End of report >

--- --- ---