| IronEddie | 04.07.2012 12:38 |
GVU Trojaner mit Wecam...
Hallo zusammen,
auch ich habe mir diesen ominösen GVU Trojaner eingefangen. Ich "besitze" die Version mit Webcam. System: Windows 7.
Anbei die Logdatei von malwarebytes.
Vielen Dank für die Hilfe.
Edith:
OTL: Code:
OTL logfile created on: 04.07.2012 13:40:42 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,93% Memory free
5,87 Gb Paging File | 4,27 Gb Available in Paging File | 72,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 420,55 Gb Total Space | 122,80 Gb Free Space | 29,20% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,49 Gb Free Space | 97,50% Space Free | Partition Type: NTFS
Drive E: | 1,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 0,34 Gb Free Space | 9,07% Space Free | Partition Type: FAT32
Computer Name: WRATHCHILD | User Name: ************ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.04 13:40:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\************ \AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 10:37:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 10:37:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 10:37:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 10:37:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 23:48:20 | 018,374,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\EXCEL.EXE
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.10.21 20:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.07.12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.22 01:31:16 | 003,122,440 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\VeriFace\PManage.exe
PRC - [2009.09.29 18:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe
PRC - [2009.09.29 18:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe
PRC - [2009.08.12 10:09:32 | 000,683,576 | ---- | M] (Conexant Systems, Inc) -- C:\Programme\CONEXANT\SAII\SmartAudio.exe
PRC - [2009.07.23 15:13:12 | 001,033,480 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Raxco\PerfectDisk10\PDEngine.exe
PRC - [2009.07.23 15:13:10 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Raxco\PerfectDisk10\PDAgentS1.exe
PRC - [2009.07.23 15:13:08 | 000,931,080 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Raxco\PerfectDisk10\PDAgent.exe
PRC - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2009.06.04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.12.23 03:28:00 | 000,795,936 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe
PRC - [2008.12.23 03:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe
PRC - [2008.09.10 16:32:08 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.03 19:59:19 | 000,179,360 | ---- | M] () -- C:\Users\************ \AppData\Local\Temp\roper0dun.exe
MOD - [2012.06.14 20:46:33 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 20:45:57 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 20:07:53 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 20:07:34 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 20:07:25 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 20:07:03 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.12 10:00:41 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012.05.12 09:15:45 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 09:15:16 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 09:14:08 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 09:13:56 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 09:13:48 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 09:13:42 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 09:13:28 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.10.24 19:27:22 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.10.24 19:27:22 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009.12.22 01:31:16 | 001,410,312 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2009.12.22 01:31:16 | 000,492,808 | ---- | M] () -- C:\Programme\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009.11.16 21:41:12 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2008.12.23 03:21:50 | 000,040,960 | ---- | M] () -- C:\Windows\System32\ZnMacroUIRes.deu
MOD - [2008.12.23 03:09:04 | 000,192,512 | ---- | M] () -- C:\Programme\Nuance\PDF Professional 5\PDFCOffice2007Addin.dll
MOD - [2008.12.20 05:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 05:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll
MOD - [2003.05.08 03:23:04 | 000,618,496 | ---- | M] () -- C:\Programme\VDMSound\LaunchPad.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.06.23 10:45:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.17 09:33:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 10:37:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 10:37:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.21 20:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009.07.23 15:13:12 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Programme\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009.07.23 15:13:08 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Programme\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.12.23 03:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.07.04 13:26:37 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\fglftko.sys -- (dtnbs)
DRV - [2012.07.04 10:20:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.08 10:37:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 10:37:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.06 03:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009.12.22 01:30:39 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.09.14 20:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.28 23:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009.07.21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.16 14:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009.06.26 00:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.06.15 04:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.06.08 11:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009.05.19 15:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.08.06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.06.28 11:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.07.31 07:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2004.06.09 00:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2003.10.15 18:07:38 | 000,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mtdv2ku2.sys -- (MTDVC2)
DRV - [2003.10.11 09:39:52 | 000,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mtdv2ks2.sys -- (MTDVC2_ENUM)
DRV - [2002.04.09 17:00:10 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1645A33F-0A96-4315-904E-29E188E7720E}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "hxxp://startsear.ch/?q="
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.der-betze-brennt.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\************ r\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.11.01 15:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla\components [2012.06.17 09:33:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2012.04.13 21:54:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 21:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla\components [2012.06.17 09:33:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2012.04.13 21:54:49 | 000,000,000 | ---D | M]
[2010.05.10 13:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\************ \AppData\Roaming\mozilla\Extensions
[2010.05.10 13:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\************ \AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.01 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\************ \AppData\Roaming\mozilla\Firefox\Profiles\5b7p7cjy.default\extensions
[2012.05.31 10:40:32 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\************ \AppData\Roaming\mozilla\Firefox\Profiles\5b7p7cjy.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012.04.01 19:58:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\************ \AppData\Roaming\mozilla\Firefox\Profiles\5b7p7cjy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.25 19:03:11 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\************\AppData\Roaming\mozilla\Firefox\Profiles\5b7p7cjy.default\extensions\gutscheinmieze@synatix-gmbh.de
[2012.07.01 09:15:03 | 000,000,853 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Mozilla\Firefox\Profiles\5b7p7cjy.default\searchplugins\11-suche.xml
[2012.07.01 09:15:03 | 000,002,209 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Mozilla\Firefox\Profiles\5b7p7cjy.default\searchplugins\englische-ergebnisse.xml
[2012.07.01 09:15:03 | 000,010,506 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Mozilla\Firefox\Profiles\5b7p7cjy.default\searchplugins\gmx-suche.xml
[2012.07.01 09:15:03 | 000,002,368 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Mozilla\Firefox\Profiles\5b7p7cjy.default\searchplugins\lastminute.xml
[2011.05.18 15:06:52 | 000,000,632 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Mozilla\Firefox\Profiles\5b7p7cjy.default\searchplugins\startsear.xml
[2012.07.01 09:15:03 | 000,005,489 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Mozilla\Firefox\Profiles\5b7p7cjy.default\searchplugins\webde-suche.xml
[2010.10.14 09:36:43 | 000,001,032 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Mozilla\Firefox\Profiles\5b7p7cjy.default\searchplugins\wikipedia-eng.xml
[2011.11.01 15:24:53 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011.09.10 15:45:46 | 000,089,388 | ---- | M] () (No name found) -- C:\USERS\************ \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5B7P7CJY.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2011.10.31 16:31:26 | 000,037,502 | ---- | M] () (No name found) -- C:\USERS\************ \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5B7P7CJY.DEFAULT\EXTENSIONS\SEARCHDICTCC@ROUGHAEL.XPI
[2012.07.01 09:15:01 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\************ \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5B7P7CJY.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla\plugins\npwachk.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\************ \AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Freemake Video Converter = C:\Users\************ \AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\************ \AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\************ \AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\************ \AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\************ \AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\************ \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Mit PDF Converter 5.2 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Mit PDF Professional 5.2 öffnen - C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15F12E4D-60D2-4036-A1EC-220CB6BC4121}: DhcpNameServer = 10.1.1.1 10.1.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{544696D1-9BBD-4116-B64D-89D5E601BE57}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.29 14:13:58 | 000,000,147 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{295a9756-ee87-11de-b6ac-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{295a9756-ee87-11de-b6ac-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2010.05.14 13:31:46 | 000,930,096 | R--- | M] (Cornelsen Verlag)
O33 - MountPoints2\{295a9756-ee87-11de-b6ac-806e6f6e6963}\Shell\EG21\command - "" = E:\Start.exe -- [2010.05.14 13:31:46 | 000,930,096 | R--- | M] (Cornelsen Verlag)
O33 - MountPoints2\{2eeb4182-5c12-11df-91c0-002622e14452}\Shell - "" = AutoRun
O33 - MountPoints2\{2eeb4182-5c12-11df-91c0-002622e14452}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.04 10:20:47 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.07.04 10:11:57 | 000,000,000 | ---D | C] -- C:\Users\************ \AppData\Roaming\Malwarebytes
[2012.07.04 10:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 10:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 10:11:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.07.04 10:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.19 09:23:24 | 000,000,000 | ---D | C] -- C:\Users\************ \Desktop\Martin Luther King
[2012.06.17 09:34:05 | 000,000,000 | ---D | C] -- C:\Users\************ \AppData\Local\Macromedia
[2011.02.18 19:45:59 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.04 13:45:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.07.04 13:26:37 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\fglftko.sys
[2012.07.04 12:59:12 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.04 10:27:04 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 10:27:04 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 10:26:52 | 000,701,108 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.07.04 10:26:52 | 000,662,950 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.07.04 10:26:52 | 000,147,762 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.07.04 10:26:52 | 000,124,144 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.07.04 10:20:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.07.04 10:19:56 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.04 10:19:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.07.04 10:19:06 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 10:11:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 22:11:54 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.03 19:59:20 | 000,001,893 | ---- | M] () -- C:\Users\************ \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 11:02:21 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.06.19 11:20:24 | 000,466,144 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.06.14 21:25:04 | 065,419,276 | ---- | M] () -- C:\Users\************ \Desktop\Die_Zwanziger_Jahre_4_9.mp4
[2012.06.14 21:23:55 | 065,239,778 | ---- | M] () -- C:\Users\************ \Desktop\Charleston_Party_1926.mp4
[2012.06.05 13:50:53 | 000,004,014 | ---- | M] () -- C:\Users\************ \.recently-used.xbel
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.04 13:26:37 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\fglftko.sys
[2012.07.04 10:11:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.03 19:59:20 | 000,001,893 | ---- | C] () -- C:\Users\************ \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.03 19:59:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.06.14 21:24:50 | 065,419,276 | ---- | C] () -- C:\Users\************ \Desktop\Die_Zwanziger_Jahre_4_9.mp4
[2012.06.14 21:23:41 | 065,239,778 | ---- | C] () -- C:\Users\************ \Desktop\Charleston_Party_1926.mp4
[2012.06.05 13:50:53 | 000,004,014 | ---- | C] () -- C:\Users\************ \.recently-used.xbel
[2011.09.26 15:50:08 | 000,003,584 | ---- | C] () -- C:\Users\************ \AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.04 12:06:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.11.07 12:50:45 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2010.10.17 17:48:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.10 18:40:40 | 000,000,050 | ---- | C] () -- C:\windows\System32\bridf08b.dat
========== LOP Check ==========
[2011.04.15 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\Canon
[2012.06.17 11:06:07 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\Cornelsen
[2011.05.01 22:31:52 | 000,000,000 | ---D | M] -- C:\Users\************ r\AppData\Roaming\Digiarty
[2012.07.04 10:20:26 | 000,000,000 | ---D | M] -- C:\Users\************ r\AppData\Roaming\Dropbox
[2012.05.02 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\DVDVideoSoft
[2010.09.06 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\************ r\AppData\Roaming\EA
[2010.11.11 13:31:41 | 000,000,000 | ---D | M] -- C:\Users\************ r\AppData\Roaming\FreeCommander
[2012.06.02 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\************ r\AppData\Roaming\gtk-2.0
[2011.05.01 22:31:12 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\Gutscheinmieze
[2011.10.16 21:04:31 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\ICQ
[2011.09.17 21:30:16 | 000,000,000 | ---D | M] -- C:\Users\B************ r\AppData\Roaming\ImgBurn
[2011.03.11 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\NCH Swift Sound
[2011.10.24 19:28:04 | 000,000,000 | ---D | M] -- C:\Users\************ r\AppData\Roaming\OpenOffice.org
[2010.05.10 13:56:27 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\Thunderbird
[2010.09.10 18:52:13 | 000,000,000 | ---D | M] -- C:\Users\************ \AppData\Roaming\XnView
[2011.01.04 12:07:55 | 000,000,000 | ---D | M] -- C:\Users\************ r\AppData\Roaming\Zeon
[2012.05.20 15:33:37 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Extra: Code:
OTL Extras logfile created on: 04.07.2012 13:40:42 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,93% Memory free
5,87 Gb Paging File | 4,27 Gb Available in Paging File | 72,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 420,55 Gb Total Space | 122,80 Gb Free Space | 29,20% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 29,49 Gb Free Space | 97,50% Space Free | Partition Type: NTFS
Drive E: | 1,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 0,34 Gb Free Space | 9,07% Space Free | Partition Type: FAT32
Computer Name: WRATHCHILD | User Name: ************ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20C6A025-530D-4B00-8E86-1B91C663C6B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22C7FD63-C8FF-4161-8B4F-13A3FD74D80C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C4DD440-4886-443D-9D43-CD8D7B5DE2F4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D2370D7-A900-45C0-BF58-B5416587F826}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3602881D-70F7-4A55-A446-954CEC613E33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39C140A5-8C51-4B2B-978B-FAF69007B742}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51D9642B-5C23-44E2-8408-99089BF15733}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F11C042-7964-410B-A34A-7923B1A1A751}" = rport=138 | protocol=17 | dir=out | app=system |
"{6997E0F8-0843-4C5E-BD75-1DAE6DA06657}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C821DF3-2305-44F2-931C-A9469683C94F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7384BD4A-6706-4E00-86EF-F2BD1B99FF56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74E68FEF-1030-4FDE-95D6-1AC2E83F11EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EE57EBB-7614-4D83-AB21-24B3FA672D5A}" = rport=445 | protocol=6 | dir=out | app=system |
"{86BE05F5-FEFF-492E-84BF-05D8E340136B}" = rport=139 | protocol=6 | dir=out | app=system |
"{900B542F-516C-495D-B3A8-E36AF6A7E694}" = rport=10243 | protocol=6 | dir=out | app=system |
"{949C00DF-02F8-4A26-AA5C-64017E5D58C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FE75481-5B06-4976-BA79-818D3CBFCE87}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A7DD97A9-1041-4E72-A9CD-4C37E6D8B91E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B790302B-290D-4E78-80BC-492A7613914B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BAC1CBA4-7952-4FF2-95DF-BA54ECD01C31}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF89860D-3481-4168-826B-22A6A40EF61C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6AD9642-713E-48FD-AA8C-D76DB4727110}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5D684C6-B25F-498A-B277-5C14D1EC6134}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBA29F7D-E85C-45E7-84A4-E8373466C7D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{DFDB9A3E-A53B-4DA3-BAFB-78B2AAA7B8B8}" = lport=137 | protocol=17 | dir=in | app=system |
"{E687B17B-EE84-43D0-8ECF-44FB3FB28DD2}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C8DA82-6332-4E2E-BF38-FC5D0D8D7EEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{045C26B3-F1EE-43D5-8800-D9006633A763}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{0BCC1041-4CE1-4BD2-AAF4-27A427D290A7}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{0E3219A9-3FE9-4A11-835C-E17A348282A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F0ABF79-8229-4941-A690-49152C919FC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{127758E5-3661-446C-B39C-EFD9C31CC43A}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{16CD972A-64D7-4C7F-9FC9-70133B2E8BC7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1B5D5388-BBC2-40DB-9886-AC97C8C93E5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21E1098E-3F79-4200-92E4-E4218005E7F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{223463D0-CD4E-44DC-8030-2EA374A29697}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{257127F5-F62D-4870-B51A-84B10203406F}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{2B410B97-0302-40A5-BCEA-8989ADAE75B7}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{2B4C2A7F-1084-4456-A0B8-1E1FF588CEF8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2FE59B7B-007E-461C-81AB-70C4F85D607F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32BBB152-4473-4C24-82A1-EBBEDA224473}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3303E2EB-A1BE-4C67-9B2E-DA38429ECEC3}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{3C45F356-5573-49B3-8EAC-6ECFD0F34815}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{5A347047-AE15-41CA-859D-138654013F0E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5B0629F5-18C2-4186-912B-E388258FAAA0}" = protocol=6 | dir=out | app=system |
"{5CA551D8-A2F6-460C-A436-899A903A3CA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64AB6908-CEF9-43FD-88F9-67B73FF404F8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6862ADB1-75AC-4AD9-BE7A-87F02DC8329E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7707BB5F-401A-4A06-889D-B13B7E0C79B6}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{7E457E89-F8CB-4B76-852B-45D1504C17FE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8097243B-BAB0-4F5A-BFAA-B2C7C95F1ACC}" = protocol=17 | dir=in | app=c:\users\************ \appdata\roaming\dropbox\bin\dropbox.exe |
"{8535CE9A-0D9E-4564-8E99-7386CC9C434D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D13A4DB-C13B-483D-BBEA-15D6E8088809}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{93513674-24A6-40DE-983F-20D3E25855F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3C58643-6481-449C-991C-7B4C34BB4F99}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{A421DCE8-7054-46C0-A152-883FC136F734}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A759018B-BAC3-4B37-82C0-5AC7F1EA30BC}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{AA3FF63F-D786-48DD-A14A-84E62A1AA12A}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{AD8AD39E-0860-41EF-90A5-48159E05B7FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B083CF54-FFAD-4205-B1AC-002C8473E802}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4ECB64C-A26D-4BE7-BE6B-FF0AF046A0C4}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{B7CECB94-46D9-4F6F-8FD7-33E2EFED4514}" = protocol=6 | dir=in | app=c:\users\************ r\appdata\roaming\dropbox\bin\dropbox.exe |
"{BB2C87F1-A002-4A8E-BFE8-6E1648AB420F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C0DF18A2-9032-4A74-B1F1-4B4CAE9887FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C92DD241-96D4-42DB-A0C3-599DC35469E8}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{D3690F2A-6A3B-4CD4-8B01-1DBD47A71F9E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D78F80BC-DDD4-4030-83C1-84DF0E9FC541}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{D873FD9D-F798-4585-997E-F5210755B7D6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E0BB5E3E-631D-451E-A6EC-017B17A67474}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3CBFC81-DC3B-4366-BB88-858900F390A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6957E6C-B423-427F-926B-9DBC7861FFD6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{FAE26CBE-655B-4A4F-BA32-49544C5DE01C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBBB68B6-5032-4AAB-BD25-415DEA4562E9}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{FF34CE03-6994-4A58-ACAB-2915D52BC7E5}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"TCP Query User{32857080-C881-4E12-B8EC-D6BFE01D6027}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{4CC88851-EB2C-44D0-8E4A-B473366581FE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4DC7B18C-525B-4AE8-9760-4C74AEBBE4CB}C:\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=c:\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"TCP Query User{4E2ACE1E-3CC4-4DFD-A07B-8622845728B5}C:\program files\mozilla\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla\firefox.exe |
"TCP Query User{4F76983D-4B3E-41B8-B8FB-D4DA0C2145CC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{89CF5630-80E2-4FB6-B3DF-255B5D87CD45}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{BF90AA5F-4DE4-4BF1-95BE-C64B972E642E}C:\users\************ \appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\************ \appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C6EDE392-6405-480F-B480-8040F59AC208}C:\users\b************ \appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\************ \appdata\local\google\google earth\client\googleearth.exe |
"TCP Query User{EB5FFB33-328D-49A5-9141-564D01314F92}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{F5855FD5-DFC2-4688-933B-6D4E1EFBC36E}C:\program files\cryptload\cryptload.exe" = protocol=6 | dir=in | app=c:\program files\cryptload\cryptload.exe |
"UDP Query User{0DCC1B81-037B-4A47-B640-BAC270B73C8D}C:\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=c:\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"UDP Query User{25BA6073-8A95-44DF-964E-AFBB109347FF}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{28FCC249-D616-4BCF-8F0A-93925A7AB5D6}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{5A1F7F12-7E0C-459F-B929-987CA4A321A4}C:\program files\cryptload\cryptload.exe" = protocol=17 | dir=in | app=c:\program files\cryptload\cryptload.exe |
"UDP Query User{5D4A44BC-99B5-43F3-8378-0F7E08DDF929}C:\users\************ \appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\************ \appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5E46ED16-5F11-4500-A6E4-27F94714CDC2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6E0A4B0C-CF02-41BF-9A56-8A81DA363E89}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6FC67462-77EC-409B-8536-1080B6821DA4}C:\program files\mozilla\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla\firefox.exe |
"UDP Query User{8E397178-4576-4A3F-8975-392FAB25036F}C:\users\************ \appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\************ \appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{D8643408-A373-4919-B238-F89DD19219A3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-145C
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{668842FC-6827-4B6F-82BF-3828BE6D3007}" = Cisco AnyConnect VPN Client
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDD4EA-9D68-11D5-8A28-005004D37F93}" = Wolfenstein 3D
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87595D19-4363-4506-81CF-91FF73B2F368}" = Nuance PDF Professional 5
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B68E7F0B-EAE2-4A83-A1EA-B623A981D37B}" = Cornelsen Werkzeuge 3.5
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CA639106-E2CF-4A93-BEEB-E6232C5C6835}" = Cornelsen Werkzeuge 3.5 English G 21 4 A
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.4.134
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Cornelsen_DUP_322589" = English G 21, A4 - Digitaler Unterrichtsplaner
"CornelsenSTVP97" = Cornelsen Stoffverteilungsplaner 9.7
"D-Fend Reloaded" = D-Fend Reloaded 1.1.0 (deinstallieren)
"Digital Camera Driver" = Digital Camera Driver
"Doxillion" = Doxillion Document Converter
"DPP" = Canon Utilities Digital Photo Professional 3.6
"DVD Shrink_is1" = DVD Shrink 3.2
"EasyCapture4.0" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ExpressBurn" = Express Burn CD DVD Blu-Ray Brenner
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.22.423
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"FreeCommander_is1" = FreeCommander 2009.02b
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.4.0
"Google Chrome" = Google Chrome
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hotpot_is1" = HotPotatoes v 6.3.0.4
"ImgBurn" = ImgBurn
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"NCH_EN Toolbar" = NCH EN Toolbar
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"OVT Scanner" = Uninstall OVT Scanner
"PC-Doctor for Windows" = PC-Doctor für Windows
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"PS3 Media Server" = PS3 Media Server
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Switch" = Switch Sound File Converter
"TVWiz" = Intel(R) TV Wizard
"VDMSound" = VDMSound
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.0.5
"vShare.tv plugin" = vShare.tv plugin 1.0
"WavePad" = WavePad Audiobearbeitungs-Software
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinX Video Converter_is1" = WinX Video Converter 4.5.10
"XnView_is1" = XnView 1.97.6
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 09:35:41 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll"
in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
ungültig.
Error - 03.07.2012 04:39:26 | Computer Name = Wrathchild | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/03 10:39:26.101]: [00001040]: CUsbScnDev: DeviceIoControl
Illegal response
Error - 03.07.2012 06:35:31 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme\Cornelsen\Gemeinsame
Dateien\Werkzeuge 3.5\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Programme\Cornelsen\Gemeinsame Dateien\Werkzeuge 3.5\adxloader.dll.Manifest"
in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 03.07.2012 06:35:32 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 03.07.2012 07:06:28 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme\Cornelsen\Gemeinsame
Dateien\Werkzeuge 3.5\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Programme\Cornelsen\Gemeinsame Dateien\Werkzeuge 3.5\adxloader.dll.Manifest"
in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 03.07.2012 07:06:28 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 03.07.2012 07:08:31 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll"
in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
ungültig.
Error - 04.07.2012 07:13:30 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Programme\Cornelsen\Gemeinsame
Dateien\Werkzeuge 3.5\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Programme\Cornelsen\Gemeinsame Dateien\Werkzeuge 3.5\adxloader.dll.Manifest"
in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 04.07.2012 07:13:30 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 04.07.2012 07:17:03 | Computer Name = Wrathchild | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll"
in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
ungültig.
[ Cisco AnyConnect VPN Client Events ]
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 03.07.2012 16:12:04 | Computer Name = Wrathchild | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
[ Media Center Events ]
Error - 07.05.2012 03:34:47 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 09:34:47 - Fehler beim Herstellen der Internetverbindung. 09:34:47
- Serververbindung konnte nicht hergestellt werden..
Error - 07.05.2012 03:34:56 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 09:34:52 - Fehler beim Herstellen der Internetverbindung. 09:34:52
- Serververbindung konnte nicht hergestellt werden..
Error - 07.05.2012 04:39:10 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 10:39:10 - Fehler beim Herstellen der Internetverbindung. 10:39:10
- Serververbindung konnte nicht hergestellt werden..
Error - 07.05.2012 04:39:18 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 10:39:15 - Fehler beim Herstellen der Internetverbindung. 10:39:15
- Serververbindung konnte nicht hergestellt werden..
Error - 16.05.2012 07:46:55 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 13:46:55 - Fehler beim Herstellen der Internetverbindung. 13:46:55
- Serververbindung konnte nicht hergestellt werden..
Error - 16.05.2012 07:47:06 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 13:47:00 - Fehler beim Herstellen der Internetverbindung. 13:47:00
- Serververbindung konnte nicht hergestellt werden..
Error - 16.05.2012 08:47:12 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 14:47:12 - Fehler beim Herstellen der Internetverbindung. 14:47:12
- Serververbindung konnte nicht hergestellt werden..
Error - 16.05.2012 08:47:18 | Computer Name = Wrathchild | Source = MCUpdate | ID = 0
Description = 14:47:18 - Fehler beim Herstellen der Internetverbindung. 14:47:18
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 15.06.2010 05:51:02 | Computer Name = Wrathchild | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 159
seconds with 60 seconds of active time. This session ended with a crash.
Error - 15.10.2011 06:23:13 | Computer Name = Wrathchild | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4176
seconds with 3300 seconds of active time. This session ended with a crash.
Error - 29.02.2012 06:59:27 | Computer Name = Wrathchild | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6767
seconds with 4500 seconds of active time. This session ended with a crash.
Error - 27.03.2012 08:09:38 | Computer Name = Wrathchild | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2255
seconds with 1980 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 04.07.2012 04:17:22 | Computer Name = Wrathchild | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\System32\bcmihvsrv.dll Fehlercode: 21
Error - 04.07.2012 04:17:22 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:22 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:22 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:22 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:22 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:22 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:23 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:23 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.07.2012 04:17:24 | Computer Name = Wrathchild | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Danke für die Hilfe! |
