Trivandrum | 09.03.2012 18:35 | okay, done:
OTL Logfile: Code:
OTL logfile created on: 09.03.2012 18:01:40 - Run 3
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\janka\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 75,00% Memory free
3,98 Gb Paging File | 3,69 Gb Available in Paging File | 92,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 41,80 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 11,06 Gb Free Space | 16,35% Space Free | Partition Type: NTFS
Computer Name: JANKA-PC | User Name: janka | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.08 10:33:38 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\janka\Downloads\OTL.exe
PRC - [2012.02.16 15:55:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.02.16 15:55:51 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.01 11:56:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 07:49:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006.12.10 17:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Stopped] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ipswuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011.07.01 11:56:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 11:56:29 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.05.18 13:18:24 | 000,067,968 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2007.01.19 16:19:12 | 001,324,544 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2007.01.03 00:37:48 | 000,011,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\P4G\WCPU.sys -- (WCPU)
DRV - [2006.12.28 17:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 16:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.12.13 19:00:08 | 000,025,600 | ---- | M] (Attansic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L260x86.sys -- (Atc002)
DRV - [2006.12.08 01:50:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.12.08 01:50:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.10.09 20:47:58 | 000,981,504 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2102572
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {2F277093-48A9-4429-AEEC-AAA3F458DEDA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{2F277093-48A9-4429-AEEC-AAA3F458DEDA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&ilc=12&p="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Users\janka\Downloads\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\janka\Downloads\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.05 14:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.03.05 14:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\janka\AppData\Roaming\mozilla\Extensions
[2012.03.09 17:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.09 17:34:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.09 17:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.03.08 16:40:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [{0E330D6F-EC24-11DD-9B90-806E6F6E6963}] C:\Users\janka\AppData\Roaming\Microsoft\torrent.exe ()
O4 - Startup: C:\Users\janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.photodose.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn-server.rrzn.uni-hannover.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E723881F-6E37-4CC1-AB45-21C6A8C62A46}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF84D312-EE25-4CBC-B693-0D1E89F07D92}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\janka\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\janka\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.03.09 17:41:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.03.09 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.09 17:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.09 17:33:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.03.09 17:21:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.09 17:21:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.09 17:21:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.09 17:14:29 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.09 17:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.03.09 17:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.03.09 17:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.03.09 17:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.03.09 17:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.03.09 14:49:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.03.09 14:49:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.03.09 14:49:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.03.09 13:46:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.03.08 20:27:37 | 000,000,000 | ---D | C] -- C:\Users\janka\AppData\Roaming\Malwarebytes
[2012.03.08 20:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.08 20:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.08 20:27:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.08 20:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.08 17:09:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.08 16:48:54 | 000,000,000 | ---D | C] -- C:\Users\janka\AppData\Local\temp
[2012.03.08 16:40:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.03.08 16:28:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.08 16:28:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.08 16:28:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.08 16:28:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.08 16:28:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.08 16:09:20 | 000,889,968 | ---- | C] (Babylon Ltd.) -- C:\Users\janka\Desktop\Babylon9_setup.exe
[2012.03.08 16:07:58 | 004,430,843 | R--- | C] (Swearware) -- C:\Users\janka\Desktop\ComboFix.exe
[2012.03.08 13:30:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.05 14:25:51 | 000,000,000 | ---D | C] -- C:\Users\janka\AppData\Roaming\Mozilla
[2012.03.05 14:25:51 | 000,000,000 | ---D | C] -- C:\Users\janka\AppData\Local\Mozilla
[2012.03.05 14:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.03.03 18:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.03.03 18:51:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
========== Files - Modified Within 30 Days ==========
[2012.03.09 17:44:08 | 000,632,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.09 17:44:08 | 000,599,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.09 17:44:08 | 000,128,212 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.09 17:44:08 | 000,105,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.09 17:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.09 17:33:30 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.09 17:20:45 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.09 17:20:45 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.09 17:20:45 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.09 17:20:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.03.09 17:14:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.03.09 17:14:17 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.09 17:14:17 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.03.09 17:08:00 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.09 16:57:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 16:57:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 15:24:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.03.09 14:56:57 | 000,277,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.09 14:53:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.03.08 20:27:26 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.08 16:40:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.08 16:09:22 | 000,889,968 | ---- | M] (Babylon Ltd.) -- C:\Users\janka\Desktop\Babylon9_setup.exe
[2012.03.08 16:08:28 | 004,430,843 | R--- | M] (Swearware) -- C:\Users\janka\Desktop\ComboFix.exe
[2012.03.08 11:20:10 | 000,000,000 | ---- | M] () -- C:\Users\janka\defogger_reenable
[2012.03.08 10:50:58 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.08 10:50:57 | 000,077,824 | ---- | M] () -- C:\Users\janka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.07 17:08:58 | 188,381,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.05 14:25:43 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
========== Files Created - No Company Name ==========
[2012.03.09 17:14:17 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.03.09 17:14:17 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.03.09 17:08:00 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.03.09 17:08:00 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.03.08 20:27:26 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.08 16:28:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.08 16:28:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.08 16:28:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.08 16:28:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.08 16:28:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.08 11:20:10 | 000,000,000 | ---- | C] () -- C:\Users\janka\defogger_reenable
[2012.03.05 14:25:43 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.05 14:25:43 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.24 17:13:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.29 18:06:39 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010.11.29 18:06:39 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010.11.29 18:06:39 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010.11.29 17:58:13 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.11.29 17:58:13 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.13 17:50:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.07 13:33:35 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.05.02 20:17:31 | 000,000,018 | ---- | C] () -- C:\Windows\ssetup.ini
========== LOP Check ==========
[2009.02.19 20:03:02 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\Canon
[2010.02.07 10:44:38 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\elsterformular
[2010.11.25 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\FreeAudioPack
[2009.01.28 21:15:26 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\Miranda
[2010.11.22 14:29:25 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\Scientific Software
[2012.03.09 15:25:31 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\StarOffice8
[2011.02.24 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\UDC Profiles
[2011.02.24 17:07:32 | 000,000,000 | ---D | M] -- C:\Users\janka\AppData\Roaming\WordToPDF
[2012.03.09 14:53:50 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
and
OTL Logfile: Code:
OTL Extras logfile created on: 09.03.2012 18:01:40 - Run 3
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\janka\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 75,00% Memory free
3,98 Gb Paging File | 3,69 Gb Available in Paging File | 92,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 41,80 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 11,06 Gb Free Space | 16,35% Space Free | Partition Type: NTFS
Computer Name: JANKA-PC | User Name: janka | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1331460E-B590-4AFB-8603-73FE6D222879}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EC5F36A-0D12-4DDE-B804-EB6A53C5A708}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3259E05C-38C1-4087-A7B3-6766781E5D16}" = lport=138 | protocol=17 | dir=in | app=system |
"{33CFD4D0-0DB2-4F95-A514-94E4BE68C109}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35F1B5CE-ACF8-401E-BBC9-3A722E77D980}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B500FAA-74C6-4FF3-88D3-143B2CDAB40D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B665BE4-6869-4D89-AE92-94163397BFCD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4CF29A67-8032-4409-9897-C85640FE8811}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{525E39D6-CB13-43EB-8489-FAE0EFEE9A71}" = lport=137 | protocol=17 | dir=in | app=system |
"{53A89469-2A6C-4D4A-99AB-AFAA84F479C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{54679428-10C0-4EC8-AED2-6768E60CE652}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59C4ADAC-156A-4299-ADD9-8DA74FEABD10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6546DC7F-F3DC-4C77-8750-4C45EB86CB50}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73FC3AC9-403D-480B-85CA-ED73BDCF41A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{8026C332-3A9B-4E68-B971-5BCC3FBB3977}" = lport=445 | protocol=6 | dir=in | app=system |
"{83BFA2E7-FA2A-47B7-A8E8-3D5ED5DE6DD9}" = lport=139 | protocol=6 | dir=in | app=system |
"{8DECB48A-29C3-4172-97B6-D212510825F8}" = rport=139 | protocol=6 | dir=out | app=system |
"{90052951-F440-4EBB-91E1-E73C826F8156}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92E7EE81-4D78-4FD8-9B30-FE812D1E332B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9BDC01F3-521D-4F76-A68B-36F0C5975B63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0DC2738-F1AD-45B1-9B81-95C4D1AA0933}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B80EE33D-5478-4B79-87F3-44C8FD5F27A2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2C5D045-4764-42C5-9198-A229DDCE2F7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD566E88-255C-4D32-87ED-9FA01C69ED02}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2A2F446-7FF9-4E1F-B4CD-EFE8036C1074}" = rport=137 | protocol=17 | dir=out | app=system |
"{F4FCD3B3-4949-4709-9632-6F99F977DB30}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCFD4861-3929-407A-AF2C-342FBB91E70D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073A3800-60AA-4E07-9911-F9BB8D13F5BD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{13BB991E-E367-4D8F-9521-F94B757C3146}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2F2E5710-5833-4FF0-B3A1-016DFB989F9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FF348E0-717F-4397-9E24-386367E0A35F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31FF50AA-75C9-4DE2-8E8B-3EBA22F6A1D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3ED10B2F-4308-4A6C-95F9-50B28DF6253C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46B08AA2-C2E6-4829-AB67-85A408C294D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{667A8EB1-CFEC-4CBB-B2E5-A060937324EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82E346F1-4485-4287-B0B7-5F7EE8B6C88E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8AE05991-DF8D-4A22-B6D3-D373F0BCE783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C0E07CC-FD24-48AC-9B92-F9EDE7310A8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5258A3D-0B61-47AA-B059-C38B0AF46E75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE004F72-4D96-44D8-8773-2ADB8684CF41}" = protocol=6 | dir=out | app=system |
"{C1E05AFA-2A3C-4870-BF4C-ADD24751812D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C23E2D7A-D908-45D5-9103-D601F99F38F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5770090-7E31-4D66-AD1F-FEBBC6A77F7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D748D32E-0F4C-4929-92EB-99951C944B2C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E87605A2-D99A-45ED-92FB-F2A0F02A6B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5B8025EF-2449-41FE-9E20-C6FBE5D1F4E2}C:\program files\spssinc\statistics17\statistics.exe" = protocol=6 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe |
"TCP Query User{A4B37A3F-F184-4CB5-BA10-1C34FB7A14AD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B26D7D9B-06E4-4F10-B488-AC5AD4F07025}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{D563AA5A-97C3-4255-B7ED-60953FE7E9F1}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{1450BF88-C364-4BDE-88DB-AC8A0985DFF2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{815D5560-F290-4358-BBAA-7179FD96B4DC}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{C5A14ABF-0648-4169-A4BC-C4E0D8478934}C:\program files\spssinc\statistics17\statistics.exe" = protocol=17 | dir=in | app=c:\program files\spssinc\statistics17\statistics.exe |
"UDP Query User{F91FB6DD-B1B6-4732-A0FC-D7F3B82A4774}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC1CB2B-FDCE-4DB4-A557-BA8127569B0D}" = StarOffice 8
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81031}" = Nero 7 Essentials
"{BF8780F3-CB8E-4AB0-9AA4-52E1BD574226}" = ATLAS.ti 6.2 Demo
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0
"CCleaner" = CCleaner (remove only)
"ElsterFormular 11.1.0 11.1.0.***unknown variable buildnummer***" = ElsterFormular 11.1.0
"f4" = f4 3.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"WordToPDF_is1" = WordToPDF 2.4
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.03.2011 16:14:18 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18565 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1064 Anfangszeit: 01cbe670a90e356c Zeitpunkt
der Beendigung: 31
Error - 19.03.2011 17:16:00 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18565 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 13d4 Anfangszeit: 01cbe67a9b328781 Zeitpunkt
der Beendigung: 0
Error - 22.03.2011 12:02:51 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18565 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: bb0 Anfangszeit: 01cbe8a808dcae6d Zeitpunkt
der Beendigung: 172
Error - 22.03.2011 12:06:01 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 10.0.6866.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: dc4 Anfangszeit: 01cbe8aad6369487 Zeitpunkt der
Beendigung: 47
Error - 22.03.2011 12:15:39 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 10.0.6866.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: d4 Anfangszeit: 01cbe8ab10e44570 Zeitpunkt der
Beendigung: 16
Error - 22.03.2011 12:18:00 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18565 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 7b4 Anfangszeit: 01cbe8aa9b8b8dc4 Zeitpunkt
der Beendigung: 94
Error - 03.04.2011 11:47:29 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm POWERPNT.EXE, Version 10.0.6858.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 12d4 Anfangszeit: 01cbf2160a75b91f Zeitpunkt
der Beendigung: 31
Error - 03.04.2011 11:48:17 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm POWERPNT.EXE, Version 10.0.6858.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 17ac Anfangszeit: 01cbf21676aa0a7d Zeitpunkt
der Beendigung: 125
Error - 03.04.2011 11:53:09 | Computer Name = janka-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 10.0.6866.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1244 Anfangszeit: 01cbf216944ba00f Zeitpunkt der
Beendigung: 47
Error - 04.04.2011 13:21:03 | Computer Name = janka-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18565, Zeitstempel
0x4d0f5fa9, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x8e8a770b, Prozess-ID 0xc10, Anwendungsstartzeit
01cbf2e87d4acd67.
[ Cisco AnyConnect VPN Client Events ]
Error - 08.03.2012 12:03:07 | Computer Name = janka-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.03.2012 12:03:07 | Computer Name = janka-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.03.2012 12:03:07 | Computer Name = janka-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.03.2012 12:03:07 | Computer Name = janka-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.03.2012 12:03:07 | Computer Name = janka-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 08.03.2012 12:03:35 | Computer Name = janka-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 08.03.2012 12:24:00 | Computer Name = janka-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 08.03.2012 17:38:02 | Computer Name = janka-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 09.03.2012 04:55:39 | Computer Name = janka-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 09.03.2012 12:16:28 | Computer Name = janka-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >