In Ordnung, ich danke dir schon mal im Voraus sehr für deine Mühe. Ich hoffe es werden keine vertraulichen Daten hier öffentlich im Forum gepostet...
Angeschlossen war während des Scans meine externe Platte die 2 Partitionen hat.
Extras.txt:
OTL Logfile: Code:
OTL Extras logfile created on: 09.05.2013 16:17:27 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 29,44% Memory free
6,22 Gb Paging File | 2,92 Gb Available in Paging File | 46,96% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,88 Gb Total Space | 1,34 Gb Free Space | 3,28% Space Free | Partition Type: NTFS
Drive D: | 182,00 Gb Total Space | 82,00 Gb Free Space | 45,06% Space Free | Partition Type: NTFS
Drive F: | 465,83 Gb Total Space | 1,21 Gb Free Space | 0,26% Space Free | Partition Type: NTFS
Drive H: | 465,56 Gb Total Space | 322,66 Gb Free Space | 69,31% Space Free | Partition Type: FAT32
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B9F681-96E7-486F-8045-E5CA8BAD2209}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F926404-25A0-4D52-92FA-90F45A80BE2A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1958B11C-F1B9-4D7D-9177-0084E29679F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21FBADF4-A125-4407-B6A5-665E7F3AD009}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24140EBC-A09A-4A91-A468-91D79B35EB4F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2484F356-B76D-4C60-8064-9F7BB9A9212A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BD51217-E6CB-43E2-BE9D-3792DB532E2D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{32DF3CF1-4CBF-4DD3-9B09-F54F9E387853}" = lport=3390 | protocol=6 | dir=in | app=system |
"{33D231E8-63A3-40AC-9505-BE6F3BDC45DC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{380992D6-7B6E-4E67-A141-7BB1EBEB9B6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38E88E1F-CDE2-4049-BC31-840640284514}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{392CE8B4-AFE6-4B35-BFAE-CEB0E17A9B9E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3C8B1D65-CDC2-4341-B55E-78F9F0473AF2}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3D1A2F47-D56C-4463-B8E1-8CE0F525B25C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3FC8A2CD-25DB-4810-B0DF-0D7602F96750}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FCFB53A-2D30-49FB-8348-61EBFFDEFB5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45918B47-734F-4671-B88D-9045B645A195}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6213AFAF-56D7-4144-B23E-65DF7A062A68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6435C2F5-623F-43A2-BC8C-391755B8C475}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67922FB6-C00A-4F84-9543-B02FB9D76E08}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{67C0F5C1-BD97-45D3-B668-C7CD665FD392}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6800322B-E183-4D17-AA67-56F9C84BBBB0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{885DDFEE-ECC2-458C-AA4E-AFDAC929C7EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{951F7DD5-3FA0-4C57-823E-25AD2F9118DF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{98E6CE89-1E2E-465A-87BF-92E6D218F0AA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BC8BDE5-2D43-440B-8938-D348F262B9B1}" = rport=10244 | protocol=6 | dir=out | app=system |
"{ABCE8658-12FE-47DA-879A-9F4CAAED9D39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B09D5F60-FE73-415B-950E-CB0714166E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B63830EC-0AAC-4FCA-A587-447F5ABDD215}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BA8D5678-A8E1-44E6-934C-BCDC2ACC8613}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF12A24D-B542-4388-8D6D-D29E6A948848}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C85AEE7B-83B6-4DD3-A71F-DACE8BAB70E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFEA2DA0-C909-45DC-B6C2-21C67AFD62D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE31F7EA-701C-4769-8C44-880FDF3A2B2E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{E59E3407-33AA-4F9F-8286-F759AE282C65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7B6A0DF-8819-46EB-8F09-F1AEE30D2E58}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBB1D389-7963-411D-9EBB-1FD738266E0A}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{EC092DC5-98A3-4FAA-B951-5B6E3B8F0A32}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECB455E1-DF58-40DE-9418-F47E835C200B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFF2C2C2-E18E-4E46-AC7E-5D650CAAB9DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03128E8B-AAEA-4B7D-A645-CE8F38714716}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{057CC98F-3BDA-42F9-A3F7-C46C9622F6F3}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{0C682038-637A-4216-B0B8-E4360D546DD3}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{13B34E19-AAEB-4C27-9FA2-52E27A832E42}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{19B9FBB8-501B-4352-9784-A12992009225}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{265C6D09-F3B0-43AA-B333-AECAB097B0AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CE5843C-82B3-4294-9E95-C06A192581A8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{363FD5FE-625A-48E2-9C24-9A2958B5E415}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{3F823B1A-8BEF-4F52-BA75-CFB96B00E622}" = protocol=6 | dir=in | app=d:\avatar\bin\avatar.exe |
"{4D2C4EAE-2911-449A-9D9D-A8B17F1E2B0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E0F8CAE-8739-419D-B61A-86B41A73CACB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52FDDBAA-53D9-441D-8AEF-416BC5771497}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{599CC9AB-231C-4956-82C7-8D8EA3CF58D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5A0DA669-7AE0-4EC9-B599-C8E9B86920AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5C9FB055-3E9A-44B1-911B-A9D864302EDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E93FA4A-B089-4260-8E1C-9E6F8C045D16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{708F3A2B-C240-4FD1-98A4-92257F050FFB}" = protocol=6 | dir=out | app=system |
"{71AECD10-B940-4A61-9DBF-44C76B4AD0C8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7EF9F2C8-B473-46AB-89E1-75ECB1A23B52}" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe |
"{82A9B3EB-6188-48E2-BD42-E30B7E3B02B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8382734C-C8D1-4FA2-8585-78799DF1DD4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83AB05C6-B61D-47A6-8BF2-78BFB88867E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{94957FF9-14EA-42AD-9911-25DD8682FAA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{972A4537-7CA1-4DE5-97EE-74C7BAA9A0AB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{98368AE1-53BF-46A0-B5C7-399141EFB10E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9B536AFE-3142-45B1-AA8F-2EFF56C499E2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B209FBC9-B928-4451-9DA7-8F2B79CD0956}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2BD176F-B7EA-4A01-B21E-59C9784E730A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B32455C8-65E9-4C83-A8F6-66580DA83A82}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{B4BB32AD-C80C-4B76-8253-2D3330979461}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B5EEC94C-3164-4691-ADF6-42DCA4AE0B8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB73F8F1-A1B8-44EE-B7BD-309FD3FC3943}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE714BD0-9C53-4BCF-902E-1D2839CA84FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF38DB1D-35CF-4812-A2A8-0FDE2D679D0E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D1B8AAC7-EAD1-4E89-82B0-6F7A1D841EC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DA5986A1-AC76-468E-BE42-3C0CCD0894D4}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe |
"{E005FCF5-2DC4-4F4C-89E5-3C1E2672D8BF}" = protocol=17 | dir=in | app=d:\avatar\bin\avatarlauncher.exe |
"{E4CC8D85-348C-476C-8E52-567BC748AA37}" = protocol=6 | dir=in | app=d:\avatar\bin\avatarlauncher.exe |
"{E961DAF4-8D2F-4015-A091-04CDEFEF5BDD}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{E9F0A1AB-E2F2-43A0-ABE0-1F6990A88200}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{F4354AE6-FDBE-407B-93C8-792C09731856}" = protocol=17 | dir=in | app=d:\avatar\bin\avatar.exe |
"{F6A4DB30-CDBD-4923-AFCE-EB3318298D55}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F73EF69F-978F-4BB1-9C41-B449AB7EF792}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{FFA01A7B-3962-4FB8-90DC-7D7742AD56AF}" = protocol=17 | dir=in | app=c:\users\general XXX\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{11DCA69A-6FC7-42EF-8972-842CCA13A7E7}C:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2104991F-57F9-4343-B951-7A9D80E4117B}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{3E9DCC5B-6546-4957-9ED2-C32D82AC4A3C}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"TCP Query User{471A5111-DDD9-42E2-B667-89CAC81609E4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{596B45BA-0711-4F67-A678-D6E7B6518614}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{5F08205D-FDB0-4B3E-A3F9-105BC0D95801}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{61A40DDF-F88F-418E-A817-E74165FC3259}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{781F61E8-E872-4FB9-AC04-2955E07B020B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8D92669B-75E3-4B3E-8C46-895DB634D7E8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{94B24CDD-39D5-4822-A907-F72BFD229AC8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{986A0B19-3CBF-494A-A3CA-9BD71D0F4D08}D:\quantumgis\apps\udig\udig_internal.exe" = protocol=6 | dir=in | app=d:\quantumgis\apps\udig\udig_internal.exe |
"TCP Query User{BE312FCB-A6F8-44EC-AB05-EBD25CF602CC}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"TCP Query User{C1484956-EEE2-4CC2-8824-439DE72FA8D8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DAFDCCB7-3193-45ED-9CB7-E3D187D4AC2B}C:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe" = protocol=6 | dir=in | app=c:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe |
"TCP Query User{F74F3362-BCF7-4242-8580-71A52A60C835}D:\quantumgis\bin\javaw.exe" = protocol=6 | dir=in | app=d:\quantumgis\bin\javaw.exe |
"UDP Query User{4EA51141-F025-4024-A7C5-710E5CC59337}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{5F250EB7-04DD-456A-8A9C-B342ACF79871}C:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{63410484-20F0-4318-B753-0B898C7967D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{640DF4EF-26C1-442D-B8B7-9372B402D08E}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{8245BFC0-F55A-4849-9550-74E729DA6206}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{9E4235A6-F08F-4B45-97BB-C8703F98124F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A66B2557-65C3-4A9D-B625-89728B831AE3}D:\quantumgis\apps\udig\udig_internal.exe" = protocol=17 | dir=in | app=d:\quantumgis\apps\udig\udig_internal.exe |
"UDP Query User{AFDCF9DC-1EBE-4688-84D0-11FE9BD4417D}C:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe" = protocol=17 | dir=in | app=c:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe |
"UDP Query User{BBD0FDBD-2A1E-44D4-A328-B0BCD4282A5A}D:\quantumgis\bin\javaw.exe" = protocol=17 | dir=in | app=d:\quantumgis\bin\javaw.exe |
"UDP Query User{C3D2F7D3-8D0E-4F43-ACD1-3C438C975419}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CB22E753-188E-4F66-B155-ACB8C23F77B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CB3C30D9-A804-4B05-93F0-74BAB3A19DB5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D57359DF-894C-4C89-80B5-4076486106D5}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{DCBAAC70-5B53-4CA8-A2FC-A104828E7B4B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{EBE12859-1936-4CA6-B282-AF60FAFFC273}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish
"{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista
"{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static
"{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional
"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation
"{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French
"{76902AF9-DA86-419D-B533-077643124722}" = Sony ACID Pro 5.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese
"{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish
"{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek
"{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese
"{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager
"{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch
"{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish
"{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean
"{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian
"{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German
"{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English
"{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish
"{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish
"{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard
"{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean
"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian
"{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish
"{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins
"{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Forexyard MetaTrader 4" = Forexyard MetaTrader 4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"htmltads.exe" = HTML TADS Player Kit
"ImageJ_is1" = ImageJ 1.44p
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MARK 7.0" = MARK 7.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Quantum GIS Lisboa" = Quantum GIS Lisboa 1.8.0 Lisboa
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.0.6 for Windows
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Transcribe!_is1" = Transcribe! 8.31
"VLC media player" = VLC media player 1.1.4
"Web_4.0.1460.0" = Microsoft Expression Web 4
"WinMend Folder Hidden_is1" = WinMend Folder Hidden 1.4.5.5
"WinRAR archiver" = WinRAR
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.05.2013 08:04:11 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.05.2013 08:04:11 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1388
Error - 09.05.2013 08:04:11 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1388
Error - 09.05.2013 08:04:12 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.05.2013 08:04:12 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2621
Error - 09.05.2013 08:04:12 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2621
Error - 09.05.2013 08:04:14 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.05.2013 08:04:14 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4071
Error - 09.05.2013 08:04:14 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4071
Error - 09.05.2013 10:08:33 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 2284 Anfangszeit: 01ce4cbacdb6f270 Zeitpunkt der Beendigung:
12
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 08.05.2013 15:15:22 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
650 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 08.05.2013 15:15:27 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.05.2013 15:15:27 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.05.2013 15:15:27 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
650 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 08.05.2013 15:15:32 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.05.2013 15:15:32 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.05.2013 15:15:32 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
650 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 08.05.2013 15:15:38 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.05.2013 15:15:38 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.05.2013 15:15:38 | Computer Name = XXX | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
650 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
[ Media Center Events ]
Error - 29.04.2012 14:35:27 | Computer Name = XXX | Source = Mcx2Dvcs | ID = 405
Description =
Error - 29.04.2012 14:40:05 | Computer Name = XXX | Source = McrMgr | ID = 107
Description =
Error - 29.04.2012 14:40:52 | Computer Name = XXX | Source = McrMgr | ID = 107
Description =
Error - 29.04.2012 14:41:43 | Computer Name = XXX | Source = McrMgr | ID = 107
Description =
Error - 29.04.2012 14:42:47 | Computer Name = XXX | Source = McrMgr | ID = 107
Description =
Error - 29.04.2012 14:43:51 | Computer Name = XXX | Source = McrMgr | ID = 107
Description =
[ OSession Events ]
Error - 05.02.2010 18:48:35 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 282960
seconds with 29340 seconds of active time. This session ended with a crash.
Error - 07.02.2010 09:58:02 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 140953
seconds with 4560 seconds of active time. This session ended with a crash.
Error - 30.03.2010 09:11:35 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 259436
seconds with 4560 seconds of active time. This session ended with a crash.
Error - 30.05.2010 08:50:37 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 89167
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 19.08.2010 17:40:39 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.06.2011 06:35:58 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 91245
seconds with 5100 seconds of active time. This session ended with a crash.
Error - 23.11.2011 06:24:21 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31586
seconds with 660 seconds of active time. This session ended with a crash.
Error - 16.04.2013 17:06:08 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08.05.2013 15:12:59 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description =
Error - 08.05.2013 15:12:59 | Computer Name = XXX | Source = Service Control Manager | ID = 7011
Description =
Error - 08.05.2013 15:13:27 | Computer Name = XXX | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0013776C4860 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%258. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 08.05.2013 15:15:02 | Computer Name = XXX | Source = DCOM | ID = 10010
Description =
Error - 09.05.2013 07:29:00 | Computer Name = XXX | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.
Error - 09.05.2013 07:41:27 | Computer Name = XXX | Source = bowser | ID = 8003
Description =
Error - 09.05.2013 07:53:28 | Computer Name = XXX | Source = bowser | ID = 8003
Description =
Error - 09.05.2013 09:17:33 | Computer Name = XXX | Source = bowser | ID = 8003
Description =
Error - 09.05.2013 09:29:34 | Computer Name = XXX | Source = bowser | ID = 8003
Description =
Error - 09.05.2013 09:41:34 | Computer Name = XXX | Source = bowser | ID = 8003
Description =
< End of report >
--- --- ---
OTL.text:
OTL Logfile: Code:
OTL logfile created on: 09.05.2013 16:17:27 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\General Easy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 29,44% Memory free
6,22 Gb Paging File | 2,92 Gb Available in Paging File | 46,96% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,88 Gb Total Space | 1,34 Gb Free Space | 3,28% Space Free | Partition Type: NTFS
Drive D: | 182,00 Gb Total Space | 82,00 Gb Free Space | 45,06% Space Free | Partition Type: NTFS
Drive F: | 465,83 Gb Total Space | 1,21 Gb Free Space | 0,26% Space Free | Partition Type: NTFS
Drive H: | 465,56 Gb Total Space | 322,66 Gb Free Space | 69,31% Space Free | Partition Type: FAT32
Computer Name: GENERALEASY | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Modules (No Company Name) ==========
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\WinMove.dll ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\WinUHA\shellwinuha.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a9sanmgx) -- File not found
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsisoft GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsmux) -- C:\Windows\System32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\Windows\System32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SE27mdm) -- C:\Windows\System32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\Windows\System32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{DE2D1A3E-95BE-42F3-B8D0-9E191ACF94CB}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{E14811B2-F5DB-45B9-B7D5-4FD7D6DA9DA7}: "URL" = hxxp://www.benefind.de/result.html?q={searchTerms}
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.09 15:37:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 19:36:15 | 000,000,000 | ---D | M]
[2009.01.10 21:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2013.04.30 19:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\udhwr9qy.default\extensions
[2013.04.30 19:02:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\udhwr9qy.default\extensions\ich@maltegoetz.de
[2012.03.02 22:52:49 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\udhwr9qy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.03.02 22:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.15 12:39:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.09 15:37:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.05.09 15:37:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.09 15:37:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.05.09 15:37:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.03 23:56:37 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2013.05.09 15:37:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.09 15:37:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.05.09 15:37:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2378140445-2909387748-784235094-1003..\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe FG00 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 192.168.0.100
O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{489e9d28-14d4-11df-b331-0013776c4860}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.09 15:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.09 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.05.09 01:05:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2013.05.02 16:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.05.01 19:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.01 19:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.30 14:00:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.04.22 19:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.04.17 00:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.04.17 00:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013.04.17 00:20:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Anti-Malware
[2013.04.16 23:50:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.15 19:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.15 19:28:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.12 14:26:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.12 14:26:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.12 14:26:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.12 14:26:43 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.12 14:26:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.12 14:26:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.12 14:26:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.12 14:26:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.11 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Qiusy
[2013.04.11 16:53:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Ukigod
[2013.04.11 16:53:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Lyugvu
[2013.04.10 14:43:30 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 14:43:30 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 14:43:29 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 14:43:23 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 14:43:19 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[14 C:\Users\XXX\Desktop\*.tmp files -> C:\Users\XXX\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.09 16:20:35 | 000,699,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.09 16:20:35 | 000,655,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.09 16:20:35 | 000,156,942 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.09 16:20:35 | 000,128,980 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.09 15:57:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.09 15:23:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 15:23:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 14:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 13:57:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.09 01:05:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2013.05.07 22:23:15 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2013.05.07 22:22:49 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.07 22:21:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.05 23:37:41 | 000,057,856 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.01 19:22:12 | 095,023,320 | ---- | M] () -- C:\ProgramData\44ff.pad
[2013.05.01 19:13:53 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.01 19:13:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.30 14:00:59 | 095,023,320 | ---- | M] () -- C:\ProgramData\94hh.pad
[2013.04.30 14:00:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.04.17 00:22:47 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.04.15 19:28:47 | 000,000,570 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.15 16:45:02 | 000,405,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[14 C:\Users\XXX\Desktop\*.tmp files -> C:\Users\XXX\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.30 14:00:38 | 095,023,320 | ---- | C] () -- C:\ProgramData\94hh.pad
[2013.04.30 14:00:38 | 095,023,320 | ---- | C] () -- C:\ProgramData\44ff.pad
[2013.04.29 18:55:25 | 001,919,022 | ---- | C] () -- C:\Users\XXX\Desktop\Foto.JPG
[2013.04.17 00:22:47 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.04.15 19:28:47 | 000,000,570 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.14 12:47:24 | 000,000,004 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\skype.ini
[2012.11.08 01:16:13 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOAZXAAL.DLL
[2010.03.23 23:26:40 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.10 10:29:40 | 000,000,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2009.03.30 12:31:21 | 000,000,100 | ---- | C] () -- C:\Users\XXX\AppData\Local\fusioncache.dat
[2009.03.13 23:09:37 | 000,000,012 | ---- | C] () -- C:\Users\XXX\tmpifo.bat
[2009.02.17 16:35:47 | 000,033,727 | ---- | C] () -- C:\Users\XXX\ge_4_0.jar
[2009.02.17 16:24:20 | 000,000,313 | ---- | C] () -- C:\Users\XXX\.authorrc1
[2009.02.17 14:58:22 | 000,514,875 | ---- | C] () -- C:\Users\XXX\thes_am_6_0.jar
[2009.02.17 14:58:21 | 000,000,168 | ---- | C] () -- C:\Users\XXX\EditLiveForJava.ini
[2009.01.22 21:14:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.30 14:16:18 | 000,057,856 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\XXX\Desktop\Elephant Man - Dancehall Soca (2008) (mp3cut.net).mp3:TOC.WMV
< End of report >
--- --- --- |
Lesestoff:
GMER herunter: (Dateiname zufällig) 
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
aswMBR.exe und speichere die Datei auf deinem Desktop.
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
