kwotschmann | 20.08.2012 12:06 | danke für deine antwort.
hier ist mal das log von malwarebytes. es wurde nichts gefunden. liegt das daran, dass antivir den fund in quarantäne verschoben hat?
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.20.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
+++ :: +++-PC [limitiert]
20.08.2012 11:54:19
mbam-log-2012-08-20 (11-54-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393044
Laufzeit: 48 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
-------------------------------
hier die ergebnisse on otl:OTL Logfile: Code:
OTL logfile created on: 20.08.2012 13:20:33 - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\+++\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,78% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 175,68 Gb Total Space | 130,89 Gb Free Space | 74,50% Space Free | Partition Type: NTFS
Drive D: | 122,31 Gb Total Space | 66,98 Gb Free Space | 54,76% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\+++\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
========== Modules (No Company Name) ==========
MOD - C:\Users\+++\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU ()
MOD - C:\Users\+++\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu ()
MOD - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\smserial.sys (Motorola Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 AD FD CA D9 52 CD 01 [binary data]
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=290312_29&babsrc=SP_ss&mntrId=a8a3480500000000000000ff789bb999
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\..\SearchScopes\{14CAF5E2-10C6-4909-B95C-BB590B59C334}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=f3989426-eb29-469d-be86-3744cb260c0e&apn_sauid=F01C9EF1-AFE5-4C59-889E-510C2BB7FFBF
IE - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=111304&tt=290312_29&babsrc=KW_ss&mntrId=a8a3480500000000000000ff789bb999&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:08:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.03.26 22:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\+++\AppData\Roaming\mozilla\Extensions
[2012.08.14 12:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\+++\AppData\Roaming\mozilla\Firefox\Profiles\7cefpcxi.default\extensions
[2012.06.27 21:01:41 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\+++\AppData\Roaming\mozilla\Firefox\Profiles\7cefpcxi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.08.14 12:18:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\+++\AppData\Roaming\mozilla\Firefox\Profiles\7cefpcxi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.22 18:53:02 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\+++\AppData\Roaming\mozilla\Firefox\Profiles\7cefpcxi.default\extensions\DefaultManager@Microsoft
[2012.04.03 22:14:54 | 000,001,003 | ---- | M] () -- C:\Users\+++\AppData\Roaming\Mozilla\Firefox\Profiles\7cefpcxi.default\searchplugins\myvideo.xml
[2012.03.28 19:37:56 | 000,002,057 | ---- | M] () -- C:\Users\+++\AppData\Roaming\Mozilla\Firefox\Profiles\7cefpcxi.default\searchplugins\youtube-videosuche.xml
[2012.07.02 17:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.02 17:35:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.18 20:08:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.30 17:47:52 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SACE7.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2403768231-4140441272-2654916540-1000..\Run: [EPSON SX218 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SD5B6.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\+++\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789BB999-C967-43FA-8B67-A239C11D06C6}: DhcpNameServer = 131.246.9.116 131.246.1.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D398ED67-6DF9-4F8B-A329-3B46EEEBA5FD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.20 11:56:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\+++\Desktop\OTL.exe
[2012.08.20 11:52:49 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Roaming\Malwarebytes
[2012.08.20 11:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.20 11:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.20 11:52:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.20 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.20 11:51:56 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\+++\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.18 10:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.16 14:01:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.16 11:05:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 11:05:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 11:05:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 11:05:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 11:05:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 11:05:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 11:05:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 11:05:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 11:05:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 11:05:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 11:05:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 11:05:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 11:05:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 10:46:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 10:46:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 10:46:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 10:45:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 10:45:59 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 10:45:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 10:45:58 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 10:45:44 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.13 21:13:50 | 000,000,000 | ---D | C] -- C:\Users\+++\Desktop\Physik. Prak
[2012.07.31 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\+++\Desktop\OpenHardwareMonitor
[2012.07.28 15:42:31 | 000,000,000 | ---D | C] -- C:\Users\+++\Desktop\ZU DRUCKEN
[2012.07.23 20:19:46 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Local\Cisco
[2012.07.23 20:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.07.23 20:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.07.23 20:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
========== Files - Modified Within 30 Days ==========
[2012.08.20 13:00:12 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.08.20 12:42:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 11:56:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\+++\Desktop\OTL.exe
[2012.08.20 11:52:35 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.20 11:52:00 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\+++\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.20 11:43:45 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 11:43:45 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 11:28:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 08:10:25 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.19 17:31:42 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.19 17:31:42 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.19 17:31:42 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.19 17:31:42 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.19 17:31:42 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.18 18:58:01 | 391,245,577 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.16 14:03:27 | 000,449,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.13 21:02:24 | 000,513,827 | ---- | M] () -- C:\Users\+++\Desktop\img008.pdf
[2012.08.13 13:47:19 | 000,002,010 | -H-- | M] () -- C:\Users\+++\Documents\Default.rdp
[2012.08.03 18:24:42 | 000,173,449 | ---- | M] () -- C:\Users\+++\Desktop\hs_loes01.pdf
[2012.08.02 19:59:44 | 000,327,281 | ---- | M] () -- C:\Users\+++\Desktop\Medikamente+pocket+V1.0.pdf
[2012.07.31 21:46:31 | 000,367,631 | ---- | M] () -- C:\Users\+++\Desktop\openhardwaremonitor-v0.5.1-beta.zip
========== Files Created - No Company Name ==========
[2012.08.20 11:52:35 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.18 18:58:01 | 391,245,577 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.13 21:02:24 | 000,513,827 | ---- | C] () -- C:\Users\+++\Desktop\img008.pdf
[2012.08.03 18:24:41 | 000,173,449 | ---- | C] () -- C:\Users\+++\Desktop\hs_loes01.pdf
[2012.08.02 19:59:42 | 000,327,281 | ---- | C] () -- C:\Users\Michael\Desktop\Medikamente+pocket+V1.0.pdf
[2012.07.31 21:46:30 | 000,367,631 | ---- | C] () -- C:\Users\Michael\Desktop\openhardwaremonitor-v0.5.1-beta.zip
[2012.04.17 13:02:39 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.01 17:40:33 | 000,007,597 | ---- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
========== LOP Check ==========
[2012.03.30 17:47:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Babylon
[2012.03.30 12:56:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canneverbe Limited
[2012.07.18 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2012.03.30 12:11:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\e-academy Inc
[2012.06.01 14:49:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EPSON
[2012.06.27 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICQ
[2012.03.29 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org
[2012.03.30 17:47:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pdfforge
[2012.07.11 21:37:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QuickScan
[2012.04.17 15:46:06 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Unigraphics Solutions
[2012.08.20 13:00:12 | 000,000,550 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.05.22 16:38:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > --- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 20.08.2012 13:20:33 - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,78% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 175,68 Gb Total Space | 130,89 Gb Free Space | 74,50% Space Free | Partition Type: NTFS
Drive D: | 122,31 Gb Total Space | 66,98 Gb Free Space | 54,76% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2403768231-4140441272-2654916540-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18529937-D2D7-41A3-994E-E951ECF69E8D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1AF309C0-7AD6-486C-B750-35A628018F4F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DF4BC7F-7537-4CF6-B0BC-FC884D89EAA4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{23A340A1-8299-4BFA-8816-77552301A9FE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3056D3CC-19B0-49AA-AF00-AFFC9116594F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{310E919B-1312-45E2-A720-770F4C596644}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{31109E17-0DE4-458C-839A-745A43393D7E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39C92441-6B9B-4368-8602-2CAD8DD89FFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CCF7AB6-1B61-4CB0-9FB1-D06C15F2DBE2}" = lport=137 | protocol=17 | dir=in | app=system |
"{54E86F58-C859-4A78-9F07-DFE61E90F42D}" = rport=139 | protocol=6 | dir=out | app=system |
"{773E1A93-C1B6-4307-BA84-E0E4DDDE5008}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D74A430-B6F5-4214-B605-FAD238A02A76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8109A365-83C7-4C9E-899D-1DF0D092A691}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82D9149F-C661-45A8-856B-D6C727F92181}" = lport=445 | protocol=6 | dir=in | app=system |
"{92E0B81E-252E-43EE-B862-890BFC640554}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{96348850-A152-421E-84A3-95C56FE330B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F500535-E2EE-413E-B2EF-70DD34F0ED71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A68E772F-26DF-4419-A973-B7BB29AF391A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF4181D9-12F5-4172-BB05-5263A20C845D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2726E8C-E732-4CC6-BE64-F062B9A22E5D}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6A3A005-D885-4E97-8CEA-465DE88539D5}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7AB0BD7-478A-4E9F-970B-8BD79379FFC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBFC28D5-DF90-4078-91F4-D5E757C7AC3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEEF491E-FD6E-43AC-BFF5-5D2AE9F16800}" = lport=138 | protocol=17 | dir=in | app=system |
"{F771FB4B-AA93-4C01-9A7E-F9641FBEB148}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021C9BD0-188E-4B5B-9072-8DBE561C0CF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0251BA3B-AB2E-4CB4-A5EE-7D65AC8065F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{04D06BC9-D242-43AA-8CCB-B1202785A7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"{0A9A6C93-9831-4905-B408-B9367AF0236D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C25B751-3442-4171-B6B9-AD9100DC5C48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1D762B09-D616-48FF-9852-B29642A49A11}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{2228A73A-8113-4C0B-B042-7FCF94E0CE4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{268DABD2-5455-4E69-B28A-C069B384F9BC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{2A8E9A55-3AD1-4C9A-84E2-DB1AF645A648}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DC4D4E4-8716-49D4-803B-6B679D51C2AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31853544-64D7-4332-82AD-C2E07095A581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F589C4A-F3EE-45D8-88DD-9413477DC147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4048267A-1137-44B0-A2D6-5CF82FA3AF82}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{5C6D93F3-0ADB-43B1-8825-4FAA56E1529B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6C317685-5F61-4CDE-A3E0-A578FACAE748}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{72704EE9-BD75-47C1-9CAE-E9DD884365B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74903B95-ED81-439F-8AFA-84BB2677CBC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{768E6253-0F12-4C9B-BA01-359CADB2FFDE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{97F02BEF-AFD4-440F-A0D3-A96EBE9B745A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A56619A6-7EC2-4A46-930C-5E6487C678E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B7F399F9-124F-441C-8248-F92C7806632F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1EDC628-6CB8-4034-A677-5DEB5C522BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{CAB6302D-732D-4CFC-A0CC-237ECDBDF357}" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"{D28A784A-CD41-4D8B-B42C-29ED65A9695A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DFC4B2F8-8AFB-49D5-A734-80855B1BBA06}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E758117C-48AE-4CFB-8240-86FF9F8CFBF0}" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"{EDC9BCFC-4AA0-40DC-8FCC-D0DC392FA414}" = protocol=6 | dir=out | app=system |
"{EDE5FA5E-F666-4AD5-92F4-2451B15AA615}" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"{F6D4512B-5A35-42CD-9F27-F02893FB6101}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8DDA0BB-14EA-4BDA-9445-CD145BEE1AFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{70212BF5-C94D-4B60-B08C-C524EDF5BC72}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{97C524A6-0CB5-4C53-BF29-F2DC62C78911}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{6FECABAF-C3F9-4AA6-98CB-3C3DFCF5A64E}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{C1C8DF4B-A4E0-42B9-AEA6-5D88ADAFF52E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"WinRAR archiver" = WinRAR 4.11 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09D95363-4C6D-4C37-B9E0-B4C7D5B1F7BF}" = OpenOffice.org 3.2
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BADDD61-4B40-4FD1-BAE8-0E8C1E85F806}" = Solid Edge ST4
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"EPSON Scanner" = EPSON Scan
"FormatFactory" = FormatFactory 2.90
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenVPN" = OpenVPN 2.2.2-gui-1.0.3
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows
"StarUML_is1" = StarUML 5.0.2.1570
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2403768231-4140441272-2654916540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.08.2012 16:16:31 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.08.2012 01:54:13 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.08.2012 13:35:30 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.08.2012 08:04:46 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.08.2012 04:58:46 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.08.2012 12:59:44 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.08.2012 06:27:19 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.08.2012 13:00:01 | Computer Name = Michael-PC | Source = Windows Backup | ID = 4103
Description =
Error - 19.08.2012 14:45:50 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.08.2012 02:12:15 | Computer Name = Michael-PC | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19.08.2012 14:44:54 | Computer Name = Michael-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1086 NULL object. Cannot establish a connection at this time.
Error - 19.08.2012 14:46:03 | Computer Name = Michael-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
Error - 19.08.2012 14:46:03 | Computer Name = Michael-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 19.08.2012 14:46:03 | Computer Name = +++-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 19.08.2012 14:46:03 | Computer Name = Michael-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 19.08.2012 14:46:03 | Computer Name = Michael-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 19.08.2012 14:46:03 | Computer Name = Michael-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 20.08.2012 02:10:46 | Computer Name = Michael-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 20.08.2012 02:11:10 | Computer Name = Michael-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 20.08.2012 02:11:14 | Computer Name = Michael-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1086 NULL object. Cannot establish a connection at this time.
[ System Events ]
Error - 12.07.2012 09:05:00 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?07.?2012 um 15:03:25 unerwartet heruntergefahren.
Error - 12.07.2012 09:05:07 | Computer Name = Michael-PC | Source = BugCheck | ID = 1001
Description =
Error - 12.07.2012 09:06:28 | Computer Name = Michael-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 14.07.2012 17:26:18 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?07.?2012 um 23:24:47 unerwartet heruntergefahren.
Error - 14.07.2012 17:26:28 | Computer Name = Michael-PC | Source = BugCheck | ID = 1001
Description =
Error - 21.07.2012 06:35:00 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 21.07.2012 06:35:00 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 28.07.2012 04:18:32 | Computer Name = Michael-PC | Source = NetBT | ID = 4321
Description = Der Name "MICHAEL-PC :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 131.246.83.157 registriert werden. Der Computer mit IP-Adresse 131.246.121.11
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 31.07.2012 14:27:12 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?07.?2012 um 20:25:26 unerwartet heruntergefahren.
Error - 31.07.2012 14:27:18 | Computer Name = MICHAEL-PC | Source = BugCheck | ID = 1001
Description =
< End of report > --- --- ---
so. hoffentlich könnt irh was damit anfangen^^ |