OTL Extras logfile created on: 26.08.2012 14:21:54 - Run 1 OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\Corinna\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,37% Memory free 4,22 Gb Paging File | 3,11 Gb Available in Paging File | 73,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 88,95 Gb Free Space | 59,68% Space Free | Partition Type: NTFS Computer Name: CORINNA-PC | User Name: Corinna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1179406723-2147790156-3691929512-1000\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\Foto Paradies\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Foto Paradies] -- "C:\Program Files\dm\Foto Paradies\Foto Paradies.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F22C2B5-30F1-40B0-B07D-48E5CF06A1B4}" = rport=138 | protocol=17 | dir=out | app=system | "{11F8C2DF-5631-4E32-9A1D-FF933A20B341}" = rport=137 | protocol=17 | dir=out | app=system | "{1D7CCF1F-BFB9-4844-A606-3BDAD20701F4}" = lport=139 | protocol=6 | dir=in | app=system | "{3910A6E3-D7AD-41E4-9122-914E1BBBD761}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4D313E0C-7E95-4C14-81F9-682C63CEE155}" = lport=138 | protocol=17 | dir=in | app=system | "{78B050A3-47B5-47F3-AF90-30C7E1945B86}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{792918E4-6E6C-4A99-851C-D451117B54AB}" = lport=445 | protocol=6 | dir=in | app=system | "{99D99B17-F8BF-4C90-A688-2A9D270B9918}" = rport=445 | protocol=6 | dir=out | app=system | "{AD2DFA6C-C4D9-43E2-A981-D37FBA082C8C}" = lport=137 | protocol=17 | dir=in | app=system | "{BB448859-01D5-4F8D-BC34-B42CF8E8CF53}" = rport=139 | protocol=6 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1BE8E2C4-CF13-4958-8328-F981FADE8634}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C4A9904-405C-4FEB-A5A5-5DDE201EF93D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5F2B7955-DFA9-46A2-8F3A-C90B37ABF746}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{61DF741F-D26A-4898-AB4B-7887494D69ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FE56AF70-0056-44E9-A955-28297A5D60BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{3B8517A2-97C9-4765-BB1A-423615466019}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "TCP Query User{864D58EA-0A1D-4478-B65B-C2D87C053AB9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{A2CD1924-483A-483D-B43E-E0DC8F513F79}D:\server.exe" = protocol=6 | dir=in | app=d:\server.exe | "TCP Query User{B6494E6F-7DDE-49CD-8E11-938417ABD376}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{6A16B54C-45BA-43D0-AADF-8184FB1BC7C7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{89D023B7-F70F-4C71-ACBC-BA6508BB1876}D:\server.exe" = protocol=17 | dir=in | app=d:\server.exe | "UDP Query User{9A2BD902-CBEC-4482-AA00-047A223667FD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{E70896D6-A96D-4195-869C-2E64C5BCFB41}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2 "{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C784F83-A3DD-4A8B-8D02-B89F51B3F706}" = HP ESU for Microsoft Vista "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90300407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte "{931AB7D3-B9DC-4DCB-9E24-5D382890CB8B}" = Vista Default Settings "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "DivX Setup" = DivX-Setup "Foto Paradies" = Foto Paradies "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "RealPlayer 12.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 22.08.2012 14:54:23 | Computer Name = Corinna-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SearchSettings.exe, Version 6.2.0.2, Zeitstempel 0x501173e8, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30304.0, Zeitstempel 0x47cce393, Ausnahmecode 0x40000015, Fehleroffset 0x0005bb47, Prozess-ID 0xbc4, Anwendungsstartzeit 01cd809782174169. Error - 22.08.2012 14:55:28 | Computer Name = Corinna-PC | Source = WinMgmt | ID = 10 Description = Error - 23.08.2012 06:04:49 | Computer Name = Corinna-PC | Source = Windows Search Service | ID = 3013 Description = Error - 24.08.2012 03:52:47 | Computer Name = Corinna-PC | Source = WinMgmt | ID = 10 Description = Error - 24.08.2012 03:54:32 | Computer Name = Corinna-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SearchSettings.exe, Version 6.2.0.2, Zeitstempel 0x501173e8, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30304.0, Zeitstempel 0x47cce393, Ausnahmecode 0x40000015, Fehleroffset 0x0005bb47, Prozess-ID 0xc28, Anwendungsstartzeit 01cd81cd57666e6a. Error - 24.08.2012 04:28:48 | Computer Name = Corinna-PC | Source = Windows Search Service | ID = 3013 Description = Error - 24.08.2012 04:28:48 | Computer Name = Corinna-PC | Source = Windows Search Service | ID = 3013 Description = Error - 24.08.2012 15:44:50 | Computer Name = Corinna-PC | Source = WinMgmt | ID = 10 Description = Error - 24.08.2012 15:44:56 | Computer Name = Corinna-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SearchSettings.exe, Version 6.2.0.2, Zeitstempel 0x501173e8, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30304.0, Zeitstempel 0x47cce393, Ausnahmecode 0x40000015, Fehleroffset 0x0005bb47, Prozess-ID 0xb84, Anwendungsstartzeit 01cd8230bd00b4ec. Error - 26.08.2012 07:14:50 | Computer Name = Corinna-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect VPN Client Events ] Error - 25.08.2012 08:22:16 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 25.08.2012 08:22:16 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 25.08.2012 08:22:39 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 26.08.2012 07:13:40 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory Error - 26.08.2012 07:46:53 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 26.08.2012 07:46:53 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 26.08.2012 07:46:53 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 26.08.2012 07:46:53 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 26.08.2012 07:46:53 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 26.08.2012 07:46:53 | Computer Name = Corinna-PC | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED [ System Events ] Error - 22.08.2012 09:49:10 | Computer Name = Corinna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001F3CDB8166 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 22.08.2012 10:19:14 | Computer Name = Corinna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 001F3CDB8166 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 22.08.2012 14:57:33 | Computer Name = Corinna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 23.08.2012 02:26:18 | Computer Name = Corinna-PC | Source = bowser | ID = 8003 Description = Error - 23.08.2012 11:46:52 | Computer Name = Corinna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001F3CDB8166 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 24.08.2012 03:51:13 | Computer Name = Corinna-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 23.08.2012 um 19:24:33 unerwartet heruntergefahren. Error - 24.08.2012 03:54:07 | Computer Name = Corinna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 24.08.2012 03:55:20 | Computer Name = Corinna-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse 001F3CDB8166 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 24.08.2012 15:45:42 | Computer Name = Corinna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 26.08.2012 07:15:57 | Computer Name = Corinna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report >