| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fehler beim Laden von C:Windows\system32\sshnas.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.12.2012, 19:08
| #13 |
| |  Fehler beim Laden von C:Windows\system32\sshnas.dll Einmal adwcleaner: Code:
ATTFilter # AdwCleaner v2.103 - Datei am 28/12/2012 um 18:53:39 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Jan Gerdes - JANGERDES-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan Gerdes\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\web-search.xml
Gelöscht mit Neustart : C:\ProgramData\Ask
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\ProgramData\Trymedia
Gelöscht mit Neustart : C:\Users\Jan Gerdes\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19088
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\prefs.js
C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "6-3-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Mar 06 2010 13:49:54 GMT+0100");
Gelöscht : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Sat Mar 06 2010 12:49:52 GMT+01[...]
Gelöscht : user_pref("CT2269050.FirstServerDate", "4-3-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstalledDate", "Thu Mar 04 2010 18:16:00 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.5.6.0", "Sat Mar 06 2010 09:57:07 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "128956111944730000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.internetcologne.de/");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sat Mar 06 2010 12:49:52 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1267632738");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Mar 04 2010 18:15:59 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1267632738");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN03443656431502643");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Mar 06 2010 13:49:55 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,moveplayer%40movenetworks.[...]
Datei : C:\Users\Mama und Papa\AppData\Roaming\Mozilla\Firefox\Profiles\jq9upz42.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [10173 octets] - [28/12/2012 15:06:04]
AdwCleaner[S1].txt - [9927 octets] - [28/12/2012 18:53:39]
########## EOF - C:\AdwCleaner[S1].txt - [9987 octets] ##########
Extras.Txt Code:
ATTFilter OTL Extras logfile created on: 28.12.2012 18:58:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan Gerdes\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,75% Memory free
8,18 Gb Paging File | 6,09 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,61 Gb Total Space | 255,31 Gb Free Space | 43,67% Space Free | Partition Type: NTFS
Drive D: | 11,56 Gb Total Space | 1,56 Gb Free Space | 13,46% Space Free | Partition Type: NTFS
Drive E: | 680,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JANGERDES-PC | User Name: Jan Gerdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C5DCB0-1C9A-45CF-80CF-8A4D7DD290B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B001F0C-526A-4F65-AA04-A9E2ADDD150B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B9E809A-063E-43AB-8FB2-E52239FB9724}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BE1D342-6193-4F36-8F12-7EC71D6D91F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AD0B7E0-AF70-479F-A0D9-DE615954DB41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{275A99B2-E617-4C00-A131-65332B23D407}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DDA9833-13AC-4716-8FA9-B65D15CE2856}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{343CC9F5-E601-48A1-800D-BD59ED7564A9}" = lport=3390 | protocol=6 | dir=in | app=system |
"{35098093-F358-4765-A509-83F4F4EEBE88}" = rport=10243 | protocol=6 | dir=out | app=system |
"{391EEF56-2734-4B76-82F2-EFE78FC117D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A155512-274E-4ADA-9708-348EA7D7195A}" = lport=139 | protocol=6 | dir=in | app=system |
"{3A34B94A-0894-42A2-AF2C-149C36F7AABE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40815467-0FF6-4826-8FF9-0C3E2786FD39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{41F0201C-2BC9-4D77-8B62-289AF5B31A10}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4903408F-0778-484C-A52A-CB1AE74C401B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4D287E3D-08A4-4F8A-8DD6-AC62A93C0150}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{61460E83-1C30-4F50-A305-B2363B4006BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{61F41127-D97D-4980-B43E-1B3C0FE22979}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6387FCD3-B462-4904-A0A2-CEE952531A28}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{670FA5D8-F7A0-4F1D-BFC4-6CC5CF1CA523}" = lport=138 | protocol=17 | dir=in | app=system |
"{6CF24E5F-570A-4E6A-BC7E-259B4E126967}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6FDF9A9B-96B4-4D02-A76A-2F9FA1AB1879}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{738E2288-7F1C-4C31-B7F1-556B57FDF5BB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{791B50B2-07F0-4112-9AB7-81BF130F0133}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E621995-74FB-421C-8231-5205A6019784}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80285907-1A41-48E3-B108-97C0F300DFB5}" = lport=445 | protocol=6 | dir=in | app=system |
"{82A13071-B01B-426E-8975-36A6E569E016}" = lport=3390 | protocol=6 | dir=in | app=system |
"{842BB45D-577B-407D-8B03-3E1885228F35}" = rport=138 | protocol=17 | dir=out | app=system |
"{845BBEDD-AF03-46C0-85C6-EB02502ACF75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86510686-8795-451F-A0E0-A202B6E12773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{913D64D0-BAC5-4C98-81E6-F1411D22F092}" = lport=10244 | protocol=6 | dir=in | app=system |
"{96717B7D-FD30-47D4-A665-42D99FEC5106}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A26F061-B191-410C-9073-EE374529BDC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9E1E12E9-AEA8-452F-9E3A-CDA486C4E79D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{9E258E73-6892-42DD-A0DB-4FAF204B8EDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A291CA8E-2D4C-43C6-BF5C-C999F3883E4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A59F8968-75D4-4EA7-8003-C372BEB104F7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A633A46C-19E6-4417-824D-E8532547AF40}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA57CE68-25BF-4C65-AC3C-374A3E4314D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ABAAA1DB-43D6-4CB5-AB46-B08ACA49221E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B23EEFD3-5CBA-4EF5-85D6-7DEC05FA7637}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B65AF21C-8A74-4881-8B21-CAE85F7DACFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D09C8F15-E2D7-4F94-AC46-5C93217F2531}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D46DEA2A-A9DF-4FC9-95BB-F1B91D49913D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9F04474-8578-4818-B7EB-BACF1B727155}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E0A0D8D4-4747-421C-A279-FF6F493495CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA17F5E3-78D2-4B87-A324-9AE23703F992}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB0535B7-F939-457D-B3E5-0E725CAE00E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF745BB2-BDC9-4449-AED9-06B3DAEC5A26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD2A7280-5A6F-4F28-A145-D5894E144D4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002F252D-C187-4F1D-B458-D22C4270E406}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{00C64CC4-6891-4494-9113-F6795E10AA52}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe |
"{02404206-D8D7-427A-9F99-2E5E31B460C8}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{024FE40D-5E00-4265-B9B5-A1293DDFC9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{02CD1318-0FD9-4BD4-B4EC-6A5E3617097A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0B586977-0421-4DB4-A2AC-F024B1E86918}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{0B8E523C-16CA-47F9-9948-7DBD7C29DB81}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{11B808D5-20D1-497C-AC45-40C473962F03}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{1534B867-4F28-46D4-8E74-F844E17F9A7E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{168855BB-D397-462D-953D-40AE8DE7B067}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4hi.exe |
"{17E1C646-A914-4630-A6D5-8C26C2B6D85F}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe |
"{1AB2B977-337F-4AE8-A9FC-93CD04CBCBF0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1DD3A32B-79A4-4E2A-9FD6-2AC85090158B}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{209C0385-301E-411F-8014-778929AF1535}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{211C8BFA-BF02-4AFA-8923-8EC0CB400728}" = protocol=17 | dir=in | app=c:\users\jan gerdes\downloads\sweetimsetup.exe |
"{215D63D8-7E98-4B4E-A744-74C42EFB1D4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{215FE5FD-8C6D-47EF-B1A0-E9E7F1F8C296}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{288D1A32-062C-4ABE-8E08-F5C37BF96046}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator 2011\iupdate.dll |
"{3154FAE1-6443-4B5F-A0BC-5865AAC4DEAA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{354F333D-D8B4-4906-AF24-110057B33633}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{367C2234-A8F7-4A9E-A6B8-96B9DD515E42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CD35116-2B06-4DB2-81FC-8651FAD247B8}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{3D1E8FDB-BA2E-43BC-BA51-378FB7DE5618}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4hi.exe |
"{3EB8046E-CCC5-4865-9FBD-69FF745F72EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F659DE7-E12D-4516-B139-FC3C664760BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{415137B8-0AF1-4027-BAF7-D43D2D9A1700}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\farm.bga.dll |
"{4380149A-5F81-4078-A2CD-AE00CF6F47A1}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator 2011\iupdate.dll |
"{43BCA487-901F-4B38-99E2-CB31A6087359}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{47EB364C-74FB-43A5-A27B-615E376EA723}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\iupdate.dll |
"{495ADF8A-7770-4568-982E-F8FBA8C9E237}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49D5D44D-E042-4FC5-BAD1-FA99FD6F1B89}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4A1970D7-B6C3-42CA-A89E-58351914EBD1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{4B5EE28C-ABD3-4C47-B938-00E8016D1659}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4low.exe |
"{4C80DEFB-820C-4BB7-BE59-7E2D7E56F325}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{50216335-5B8D-4861-BE9A-A537DD79C726}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{504FE0EB-AAA2-4296-A28D-8215176B5FBC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5B50A988-AD20-4D57-8253-C6FE4668F41D}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe |
"{607E0281-12A5-49C1-B677-B519F1FB1234}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{61FFDD5D-1B6D-4A56-9C94-F2DBE6677539}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{63E849B5-533D-4FA1-A87F-CB41DC5D1FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriverlauncher.exe |
"{6DE5B49F-FFA0-4C54-8F42-1EB0F228727E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FB68DED-F0A3-4DA1-A1E7-FCF9BA0F87DD}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{724B00FF-6E77-45D4-B441-2414D3D06717}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\iupdate.dll |
"{7504CFC7-3185-48F0-8B6C-51A49F9A7918}" = dir=in | app=c:\users\jan gerdes\documents\the war z\warz.exe |
"{7A105F6C-14C0-4381-8180-1AF726C7870C}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\farm.bga.dll |
"{7B8FE7DA-40FB-4EC6-B357-27DADB80067A}" = protocol=6 | dir=in | app=c:\users\jan gerdes\downloads\sweetimsetup.exe |
"{845B67BC-696E-4970-B3B7-3541A9595ED6}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe |
"{88180D26-3D26-4A49-B7EA-69FCBE4FBD88}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{8AB31BC2-52AE-41D9-AA92-24EB0CA375B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E73EFDD-11AD-4D32-B96A-9DC7C1255005}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F54491A-A1AA-4970-B9D9-0B035031F90D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{917F2F79-E0B1-49DF-8007-AF79C063BC27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95C187C0-CC4F-4E28-B19F-6369C184F5C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{995EFC1F-9742-4568-AFA6-2455DB99B7FC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{995F6F94-0015-4AAC-8F5D-4F99B88D4259}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{9BBB4764-067D-4A2B-8418-877D25E2A77D}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator 2011\farm.dll |
"{A03CBC52-93A2-41C1-B95B-C0C94B6807F2}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe |
"{A2A2D2AF-63A7-46F6-A2A3-06458961E7EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A89D79E7-9662-4EDA-945E-05738F881DF1}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{A9AC29AF-AF4C-4398-A08E-64434BE5F848}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AAABD9BB-80E4-4551-A6D0-30DB6C062765}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{AB0777CF-6B0F-4B1F-AFA7-610F8B99F17E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B45CDF71-EE5F-45E0-811B-3F250BB05037}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C1B9C75B-6F6D-49CA-AB0D-CCAA25603F05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C6CDB16B-7367-46F1-8DF3-0BEAEF734685}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C793082A-93A1-4EE3-862E-66C72CE8D342}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C96ED7B9-50EF-46A4-B71D-1FCB3F8C84D0}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{CA4FD3D2-3BFD-426F-8B63-CC3AF15D2D32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB6EA4EE-DD22-4A73-B64D-AC4BD65FA34D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB822875-499A-4E55-B46F-58A243B2D497}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{D2881552-957B-4857-B61E-B78A0C875256}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D781F8BE-E28E-4AF9-AA9E-00EF83620C6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D85BD06D-4FFD-439A-A372-B0A945E9A1C5}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe |
"{DC296A6C-2C76-418A-B736-3DD95A082F3D}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{DD7D84AF-87F4-4CCE-870B-A748924B5F14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DDE4575D-FB29-4455-BDA7-E3227BE2FAB8}" = protocol=6 | dir=out | app=system |
"{E050F5B9-A8A8-4A2B-BF5C-645B233B6161}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriverlauncher.exe |
"{E19EF93B-1CFC-4A88-9BBE-C32CFB72D4EE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E4C4B3F4-7BD1-4FD4-B869-FBF084AEC726}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4low.exe |
"{E6084A9D-A738-4B9E-8DAC-C6FB12834CC0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{E6AAD340-FC68-4736-8480-3AEFEA2CDF70}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E96238B4-C44A-420E-AEB9-26B33532D29F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe |
"{EA537C96-F897-4E17-94B2-F74CA1E1BA0D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EA9D5AB4-725B-4DCC-95E7-B87E5CEB9D17}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{EB8D1273-A553-47D2-9B40-45A4571AD041}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe |
"{F07B13CD-49D6-44F9-8D95-7B4DF44E0A31}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator 2011\farm.dll |
"{F2016D04-D573-4520-8FB6-8B5559D77C73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD58C3F2-E35B-4F3F-BF38-6E6304D66EB5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{18A0CFB2-9D2B-4269-AE37-E7C642EFD2F2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{8A8B1A4C-A0BC-4E4C-9C6A-C6170C061701}C:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe |
"TCP Query User{8D641396-D862-476D-B152-4AF19846C0E9}C:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe |
"TCP Query User{A0495165-064F-4CC0-A9B9-740285741FA4}C:\users\jan gerdes\desktop\1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\jan gerdes\desktop\1.6\hl.exe |
"TCP Query User{CC292F5A-80DA-4B7F-8816-564EE88B1602}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{476194D9-0C60-42AF-9504-132087836D3E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6A68EAA0-15D9-4421-A202-28ADFC752821}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{9D8A6D64-0509-42FB-BBD6-8364029EF712}C:\users\jan gerdes\desktop\1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\jan gerdes\desktop\1.6\hl.exe |
"UDP Query User{CD915A09-2735-466A-BAEB-349746B18A9F}C:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe |
"UDP Query User{F5238CF1-913C-424A-842F-D0D54549D0A3}C:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.3.0
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{434D083E-A4CC-401A-9E74-621000038101}" = OF: Red River
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55DAC754-01F4-4EF8-9E23-6A1847862FBD}_is1" = Winterberg Configurator Version WEM Confi 8.5
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5F7ED0CD-E04E-4441-9E03-10AFDB654E96}_is1" = Werksfeuerwehr-Simulator Version 1.0
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B399BFBA-258C-4C01-B929-D0D0873FBC4B}" = TL-PA211 Powerline Utility
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{Wegberg-Modifikation-5-0}_is1" = Feuer- und Notfallsimulation Wegberg Version 5.0
"1ClickDownload" = OnlineHDTV
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alarm für Cobra 11 - Das Syndikat_is1" = Alarm für Cobra 11 - Das Syndikat
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emergency 2012" = Emergency 2012 Deluxe
"Free Studio_is1" = Free Studio version 5.7.2.825
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.916
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCologne" = NetCologne-Installationsdateien entfernen
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Real Heroes - Firefighter_is1" = Real Heroes Firefighter
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair v4.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinDSL" = WinDSL
"WinPcapInst" = WinPcap 4.1.1
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.12.2012 09:17:42 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:08:30 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:13:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:13:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:15:59 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:31:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:31:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:37:17 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:39:07 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.12.2012 19:44:29 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =
[ Media Center Events ]
Error - 11.10.2012 08:29:22 | Computer Name = JanGerdes-PC | Source = Mcx2Dvcs | ID = 401
Description =
[ System Events ]
Error - 28.12.2012 10:01:31 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 28.12.2012 10:01:31 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 28.12.2012 10:01:32 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 28.12.2012 13:55:33 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2012 13:55:42 | Computer Name = JanGerdes-PC | Source = HTTP | ID = 15016
Description =
Error - 28.12.2012 13:55:44 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2012 13:55:44 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 28.12.2012 13:57:15 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 28.12.2012 13:57:15 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 28.12.2012 13:57:15 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
OTL.Txt Code:
ATTFilter OTL logfile created on: 28.12.2012 18:58:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan Gerdes\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,75% Memory free
8,18 Gb Paging File | 6,09 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,61 Gb Total Space | 255,31 Gb Free Space | 43,67% Space Free | Partition Type: NTFS
Drive D: | 11,56 Gb Total Space | 1,56 Gb Free Space | 13,46% Space Free | Partition Type: NTFS
Drive E: | 680,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JANGERDES-PC | User Name: Jan Gerdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Jan Gerdes\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
PRC - C:\Windows\SysWOW64\mmrtkrnl.exe (AlcaTech)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys ()
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys ()
DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys ()
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys ()
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys ()
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys ()
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys ()
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\ckldrv.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys ()
DRV - (lirsgt) -- C:\Windows\SysWOW64\drivers\lirsgt.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (PDNMp50) -- C:\Windows\SysWOW64\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\Windows\SysWOW64\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Hardlock) -- C:\Windows\SysWOW64\drivers\hardlock.sys (Aladdin Knowledge Systems)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.internetcologne.de/
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..keyword.URL: "hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 17:53:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 17:53:08 | 000,000,000 | ---D | M]
[2009.03.26 20:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Extensions
[2012.12.15 13:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions
[2010.05.03 15:45:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.05 13:58:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions\moveplayer@movenetworks.com
[2012.10.22 11:42:46 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.11.24 11:38:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.05 17:52:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2012.12.05 17:52:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.12.05 17:52:55 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.05 17:53:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.07.31 19:06:54 | 000,089,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\Extras.dll
[2009.07.31 18:47:11 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\Movies.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.12.28 00:36:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000..\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC43B4D4-EB47-4867-AC3F-B1CC51339A1E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.31 16:48:52 | 003,170,304 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.23 13:34:28 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.28 18:53:19 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\Neuer Ordner
[2012.12.28 18:50:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan Gerdes\Desktop\OTL(1).exe
[2012.12.28 11:37:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.28 00:44:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.28 00:44:28 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\AppData\Local\temp
[2012.12.28 00:08:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.28 00:08:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.28 00:08:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.28 00:08:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.28 00:07:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.28 00:07:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012.12.28 00:06:31 | 005,014,125 | R--- | C] (Swearware) -- C:\Users\Jan Gerdes\Desktop\ComboFix.exe
[2012.12.27 14:58:25 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jan Gerdes\Desktop\tdsskiller.exe
[2012.12.27 14:53:58 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jan Gerdes\Desktop\aswMBR.exe
[2012.12.27 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\mbar
[2012.12.24 11:49:40 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\AppData\Roaming\Malwarebytes
[2012.12.24 11:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.24 00:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.23 22:36:56 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\DVD Video Soft
[2012.12.23 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\Emergency
[2012.12.05 17:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.28 19:00:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A904537-B371-47EE-A20C-594D18C043A0}.job
[2012.12.28 18:55:51 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 18:55:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 18:55:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 18:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 18:55:37 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 18:50:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan Gerdes\Desktop\OTL(1).exe
[2012.12.28 18:26:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 15:07:33 | 001,588,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.28 15:07:33 | 000,681,838 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.28 15:07:33 | 000,640,868 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.28 15:07:33 | 000,149,302 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.28 15:07:33 | 000,122,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.28 15:05:45 | 000,550,017 | ---- | M] () -- C:\Users\Jan Gerdes\Desktop\adwcleaner.exe
[2012.12.28 11:39:08 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3A84B897-A39D-439C-8BDD-53E79D2401A0}.job
[2012.12.28 00:36:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.28 00:06:46 | 005,014,125 | R--- | M] (Swearware) -- C:\Users\Jan Gerdes\Desktop\ComboFix.exe
[2012.12.27 14:58:30 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jan Gerdes\Desktop\tdsskiller.exe
[2012.12.27 14:54:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jan Gerdes\Desktop\aswMBR.exe
[2012.12.27 11:57:48 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.27 11:57:48 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.25 17:25:11 | 000,022,083 | ---- | M] () -- C:\Users\Jan Gerdes\Desktop\Aufzeichnen.JPG
[2012.12.24 12:23:29 | 000,000,000 | ---- | M] () -- C:\Users\Jan Gerdes\defogger_reenable
[2012.12.24 12:00:53 | 000,002,615 | ---- | M] () -- C:\Users\Jan Gerdes\Desktop\Microsoft Office Word 2007.lnk
[2012.12.24 00:41:15 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.28 15:05:43 | 000,550,017 | ---- | C] () -- C:\Users\Jan Gerdes\Desktop\adwcleaner.exe
[2012.12.28 00:08:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.28 00:08:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.28 00:08:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.28 00:08:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.28 00:08:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.25 17:25:08 | 000,022,083 | ---- | C] () -- C:\Users\Jan Gerdes\Desktop\Aufzeichnen.JPG
[2012.12.24 12:23:29 | 000,000,000 | ---- | C] () -- C:\Users\Jan Gerdes\defogger_reenable
[2012.12.24 00:41:15 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.24 00:38:26 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.15 21:09:54 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\pg32conv.dll
[2012.11.15 21:09:54 | 000,030,793 | ---- | C] () -- C:\Windows\SysWow64\crtslv.dll
[2012.11.15 21:09:54 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012.09.14 13:43:39 | 000,000,530 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.03.25 16:14:02 | 000,017,408 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\WebpageIcons.db
[2012.02.17 23:36:25 | 000,000,098 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\fusioncache.dat
[2012.02.17 23:34:09 | 001,566,640 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.10 18:43:20 | 000,055,356 | R--- | C] () -- C:\Users\Jan Gerdes\verkleinert.jpg
[2011.04.01 13:12:21 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.01 13:11:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.29 15:45:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.19 19:49:24 | 000,002,528 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\$_hpcst$.hpc
[2010.08.04 18:41:07 | 000,000,205 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\mdbu.bin
[2009.12.22 13:55:23 | 000,021,259 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\UserTile.png
[2009.03.29 10:35:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.03.01 13:57:52 | 000,003,072 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\wklnhst.dat
[2009.01.10 21:35:55 | 000,000,680 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\d3d9caps.dat
[2008.12.27 14:24:25 | 000,024,576 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
< End of report >
|
| Themen zu Fehler beim Laden von C:Windows\system32\sshnas.dll |
| 1clickdownload, bluescreen, canon, converter, cpu-z, desktop, error, excel, flash player, google, home, install.exe, intranet, jdownloader, kaspersky, logfile, mp3, nvidia update, office 2007, popup, problem, programm, realtek, scan, security, senden, software, starten, system, teamspeak, trojaner, vista, windows |
Baum-Darstellung