Trojaner-Board - Externe Platte verseucht?

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista (TM) Home Premium x86

Ran by General Easy on 22.05.2013 at 22:51:06,90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

~~~ Services
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DE2D1A3E-95BE-42F3-B8D0-9E191ACF94CB}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Users\General Easy\AppData\Roaming\software4u"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\General Easy\AppData\Roaming\mozilla\firefox\profiles\udhwr9qy.default\minidumps [35 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 22.05.2013 at 22:54:12,42

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adw-cleaner:
AdwCleaner Logfile:

Code:

# AdwCleaner v2.301 - Datei am 22/05/2013 um 23:01:22 erstellt

# Aktualisiert am 16/05/2013 von Xplode

# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

# Benutzer : XXX - XXX

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\XXX\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\udhwr9qy.default\foxydeal.sqlite
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16476
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v20.0.1 (de)
 

Datei : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\udhwr9qy.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [2925 octets] - [17/04/2013 00:03:54]

AdwCleaner[R2].txt - [3044 octets] - [17/04/2013 00:10:59]

AdwCleaner[S1].txt - [359 octets] - [17/04/2013 00:05:54]

AdwCleaner[S2].txt - [3212 octets] - [17/04/2013 00:16:08]

AdwCleaner[S3].txt - [1167 octets] - [22/05/2013 23:01:22]
 

########## EOF - C:\AdwCleaner[S3].txt - [1227 octets] ##########

--- --- ---

[/code]

OTL Logfile:

Code:

OTL logfile created on: 22.05.2013 23:11:21 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,45% Memory free

6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,18% Paging File free

Paging file location(s): ?:\pagefile.sys

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 40,88 Gb Total Space | 1,21 Gb Free Space | 2,96% Space Free | Partition Type: NTFS

Drive D: | 182,00 Gb Total Space | 90,25 Gb Free Space | 49,59% Space Free | Partition Type: NTFS

 

Computer Name: XXX | User Name: XXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)

PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)

PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)

PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()

MOD - C:\Programme\Samsung\Samsung Update Plus\HMXML.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()

MOD - C:\Windows\System32\btwhidcs.dll ()

MOD - C:\Programme\Samsung\Easy Display Manager\WinMove.dll ()

MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()

MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()

MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()

MOD - C:\Programme\WinUHA\shellwinuha.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)

SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- C:\Users\GENERA~1\AppData\Local\Temp\catchme.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (amud1r2v) --  File not found

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)

DRV - (acsmux) -- C:\Windows\System32\drivers\acsmux.sys (Cisco Systems, Inc.)

DRV - (acsint) -- C:\Windows\System32\drivers\acsint.sys (Cisco Systems, Inc.)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()

DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()

DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)

DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (SE27mdm) -- C:\Windows\System32\drivers\SE27mdm.sys (MCCI)

DRV - (SE27mdfl) -- C:\Windows\System32\drivers\SE27mdfl.sys (MCCI)

DRV - (SE27bus) -- C:\Windows\System32\drivers\SE27bus.sys (MCCI)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-i3752

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\SearchScopes\{E14811B2-F5DB-45B9-B7D5-4FD7D6DA9DA7}: "URL" = hxxp://www.benefind.de/result.html?q={searchTerms}

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "foxsearch"

FF - prefs.js..browser.search.order.1: "foxsearch"

FF - prefs.js..browser.search.selectedEngine: "foxsearch"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.09 15:37:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 19:36:15 | 000,000,000 | ---D | M]

 

[2009.01.10 21:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions

[2013.04.30 19:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\udhwr9qy.default\extensions

[2013.04.30 19:02:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\udhwr9qy.default\extensions\ich@maltegoetz.de

[2012.03.02 22:52:49 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\udhwr9qy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2012.03.02 22:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.15 12:39:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013.05.09 15:37:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013.05.09 15:37:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.05.09 15:37:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013.05.09 15:37:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.06.03 23:56:37 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src

[2013.05.09 15:37:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.05.09 15:37:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.05.09 15:37:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2013.05.21 23:56:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found

O9 - Extra 'Tools' menuitem : Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe File not found

O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C04A1E9-B9FB-4C12-AFD8-F470D45D1103}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.05.22 23:00:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe

[2013.05.22 22:51:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.05.22 22:50:39 | 000,000,000 | ---D | C] -- C:\JRT

[2013.05.22 22:00:40 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\XXX\Desktop\JRT.exe

[2013.05.21 23:59:30 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.05.21 23:59:30 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\temp

[2013.05.21 23:58:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.05.21 23:46:50 | 000,000,000 | ---D | C] -- C:\ComboFix

[2013.05.10 20:26:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.05.10 20:26:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.05.10 20:26:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.05.10 20:26:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.05.10 20:25:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.05.09 15:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2013.05.09 15:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2013.05.02 16:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013.05.01 19:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2013.05.01 19:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.05.22 23:05:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.05.22 23:04:45 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job

[2013.05.22 23:03:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.05.22 23:03:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.05.22 23:03:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.05.22 23:02:57 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys

[2013.05.22 23:01:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2013.05.22 23:00:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe

[2013.05.22 22:59:44 | 000,632,031 | ---- | M] () -- C:\Users\XXX\Desktop\adwcleaner.exe

[2013.05.22 22:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.05.22 22:00:41 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\XXX\Desktop\JRT.exe

[2013.05.22 14:48:03 | 000,655,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.05.22 14:48:02 | 000,699,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.05.22 14:48:02 | 000,156,942 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.05.22 14:48:02 | 000,128,980 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.05.21 23:56:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013.05.20 16:51:31 | 000,064,920 | ---- | M] () -- C:\Users\XXX\Desktop\Utility bill Heiko Schmidt.JPG

[2013.05.20 16:45:45 | 000,015,670 | ---- | M] () -- C:\Users\XXX\Desktop\138266924.pdf

[2013.05.19 18:18:04 | 000,095,033 | ---- | M] () -- C:\Users\XXX\Desktop\Praktikumsbericht_Joorman.pdf

[2013.05.16 19:06:46 | 000,066,048 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.05.01 19:13:53 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013.05.01 19:13:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013.04.29 18:55:25 | 001,919,022 | ---- | M] () -- C:\Users\XXX\Desktop\Foto.JPG

 
 ========== Files Created - No Company Name ==========

 

[2013.05.22 22:59:44 | 000,632,031 | ---- | C] () -- C:\Users\XXX\Desktop\adwcleaner.exe

[2013.05.20 16:48:45 | 000,064,920 | ---- | C] () -- C:\Users\XXX\Desktop\Utility bill Heiko Schmidt.JPG

[2013.05.20 16:45:45 | 000,015,670 | ---- | C] () -- C:\Users\XXX\Desktop\138266924.pdf

[2013.05.19 18:18:04 | 000,095,033 | ---- | C] () -- C:\Users\XXX\Desktop\Praktikumsbericht_Joorman.pdf

[2013.05.10 20:26:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.05.10 20:26:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.05.10 20:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.05.10 20:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.05.10 20:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.04.29 18:55:25 | 001,919,022 | ---- | C] () -- C:\Users\XXX\Desktop\Foto.JPG

[2013.04.14 12:47:24 | 000,000,004 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\skype.ini

[2012.11.08 01:16:13 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOAZXAAL.DLL

[2010.03.23 23:26:40 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009.05.10 10:29:40 | 000,000,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat

[2009.03.30 12:31:21 | 000,000,100 | ---- | C] () -- C:\Users\XXX\AppData\Local\fusioncache.dat

[2009.03.13 23:09:37 | 000,000,012 | ---- | C] () -- C:\Users\XXX\tmpifo.bat

[2009.02.17 16:35:47 | 000,033,727 | ---- | C] () -- C:\Users\XXX\ge_4_0.jar

[2009.02.17 16:24:20 | 000,000,313 | ---- | C] () -- C:\Users\XXX\.authorrc1

[2009.02.17 14:58:22 | 000,514,875 | ---- | C] () -- C:\Users\XXX\thes_am_6_0.jar

[2009.02.17 14:58:21 | 000,000,168 | ---- | C] () -- C:\Users\XXX\EditLiveForJava.ini

[2009.01.22 21:14:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008.08.30 14:16:18 | 000,066,048 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\XXX\Desktop\Elephant Man - Dancehall Soca (2008) (mp3cut.net).mp3:TOC.WMV
 

< End of report >

--- --- ---

[/code]

OTL - Extras:
OTL Logfile:

Code:

OTL Extras logfile created on: 22.05.2013 23:11:21 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,45% Memory free

6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,18% Paging File free

Paging file location(s): ?:\pagefile.sys

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 40,88 Gb Total Space | 1,21 Gb Free Space | 2,96% Space Free | Partition Type: NTFS

Drive D: | 182,00 Gb Total Space | 90,25 Gb Free Space | 49,59% Space Free | Partition Type: NTFS

 

Computer Name: XXX | User Name: XXX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01B9F681-96E7-486F-8045-E5CA8BAD2209}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{0F926404-25A0-4D52-92FA-90F45A80BE2A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{1958B11C-F1B9-4D7D-9177-0084E29679F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{21FBADF4-A125-4407-B6A5-665E7F3AD009}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{24140EBC-A09A-4A91-A468-91D79B35EB4F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{2484F356-B76D-4C60-8064-9F7BB9A9212A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2BD51217-E6CB-43E2-BE9D-3792DB532E2D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{32DF3CF1-4CBF-4DD3-9B09-F54F9E387853}" = lport=3390 | protocol=6 | dir=in | app=system | 

"{33D231E8-63A3-40AC-9505-BE6F3BDC45DC}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{380992D6-7B6E-4E67-A141-7BB1EBEB9B6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{38E88E1F-CDE2-4049-BC31-840640284514}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{392CE8B4-AFE6-4B35-BFAE-CEB0E17A9B9E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{3C8B1D65-CDC2-4341-B55E-78F9F0473AF2}" = lport=3390 | protocol=6 | dir=in | app=system | 

"{3D1A2F47-D56C-4463-B8E1-8CE0F525B25C}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{3FC8A2CD-25DB-4810-B0DF-0D7602F96750}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{3FCFB53A-2D30-49FB-8348-61EBFFDEFB5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{45918B47-734F-4671-B88D-9045B645A195}" = rport=10244 | protocol=6 | dir=out | app=system | 

"{6213AFAF-56D7-4144-B23E-65DF7A062A68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6435C2F5-623F-43A2-BC8C-391755B8C475}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{67922FB6-C00A-4F84-9543-B02FB9D76E08}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 

"{67C0F5C1-BD97-45D3-B668-C7CD665FD392}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{6800322B-E183-4D17-AA67-56F9C84BBBB0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{885DDFEE-ECC2-458C-AA4E-AFDAC929C7EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{951F7DD5-3FA0-4C57-823E-25AD2F9118DF}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{98E6CE89-1E2E-465A-87BF-92E6D218F0AA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{9BC8BDE5-2D43-440B-8938-D348F262B9B1}" = rport=10244 | protocol=6 | dir=out | app=system | 

"{ABCE8658-12FE-47DA-879A-9F4CAAED9D39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B09D5F60-FE73-415B-950E-CB0714166E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B63830EC-0AAC-4FCA-A587-447F5ABDD215}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{BA8D5678-A8E1-44E6-934C-BCDC2ACC8613}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{BF12A24D-B542-4388-8D6D-D29E6A948848}" = lport=10244 | protocol=6 | dir=in | app=system | 

"{C85AEE7B-83B6-4DD3-A71F-DACE8BAB70E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CFEA2DA0-C909-45DC-B6C2-21C67AFD62D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{DE31F7EA-701C-4769-8C44-880FDF3A2B2E}" = lport=10244 | protocol=6 | dir=in | app=system | 

"{E59E3407-33AA-4F9F-8286-F759AE282C65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E7B6A0DF-8819-46EB-8F09-F1AEE30D2E58}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{EBB1D389-7963-411D-9EBB-1FD738266E0A}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe | 

"{EC092DC5-98A3-4FAA-B951-5B6E3B8F0A32}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{ECB455E1-DF58-40DE-9418-F47E835C200B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{FFF2C2C2-E18E-4E46-AC7E-5D650CAAB9DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03128E8B-AAEA-4B7D-A645-CE8F38714716}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"{057CC98F-3BDA-42F9-A3F7-C46C9622F6F3}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"{0C682038-637A-4216-B0B8-E4360D546DD3}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 

"{13B34E19-AAEB-4C27-9FA2-52E27A832E42}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"{19B9FBB8-501B-4352-9784-A12992009225}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{265C6D09-F3B0-43AA-B333-AECAB097B0AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{2CE5843C-82B3-4294-9E95-C06A192581A8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{363FD5FE-625A-48E2-9C24-9A2958B5E415}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 

"{3F823B1A-8BEF-4F52-BA75-CFB96B00E622}" = protocol=6 | dir=in | app=d:\avatar\bin\avatar.exe | 

"{4D2C4EAE-2911-449A-9D9D-A8B17F1E2B0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4E0F8CAE-8739-419D-B61A-86B41A73CACB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{52FDDBAA-53D9-441D-8AEF-416BC5771497}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{599CC9AB-231C-4956-82C7-8D8EA3CF58D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5A0DA669-7AE0-4EC9-B599-C8E9B86920AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5C9FB055-3E9A-44B1-911B-A9D864302EDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{6E93FA4A-B089-4260-8E1C-9E6F8C045D16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{708F3A2B-C240-4FD1-98A4-92257F050FFB}" = protocol=6 | dir=out | app=system | 

"{71AECD10-B940-4A61-9DBF-44C76B4AD0C8}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{7EF9F2C8-B473-46AB-89E1-75ECB1A23B52}" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 

"{82A9B3EB-6188-48E2-BD42-E30B7E3B02B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{8382734C-C8D1-4FA2-8585-78799DF1DD4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{83AB05C6-B61D-47A6-8BF2-78BFB88867E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{94957FF9-14EA-42AD-9911-25DD8682FAA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{972A4537-7CA1-4DE5-97EE-74C7BAA9A0AB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 

"{98368AE1-53BF-46A0-B5C7-399141EFB10E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 

"{9B536AFE-3142-45B1-AA8F-2EFF56C499E2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{B209FBC9-B928-4451-9DA7-8F2B79CD0956}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{B2BD176F-B7EA-4A01-B21E-59C9784E730A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{B32455C8-65E9-4C83-A8F6-66580DA83A82}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"{B4BB32AD-C80C-4B76-8253-2D3330979461}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 

"{B5EEC94C-3164-4691-ADF6-42DCA4AE0B8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CB73F8F1-A1B8-44EE-B7BD-309FD3FC3943}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CE714BD0-9C53-4BCF-902E-1D2839CA84FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CF38DB1D-35CF-4812-A2A8-0FDE2D679D0E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 

"{D1B8AAC7-EAD1-4E89-82B0-6F7A1D841EC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{DA5986A1-AC76-468E-BE42-3C0CCD0894D4}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 

"{E005FCF5-2DC4-4F4C-89E5-3C1E2672D8BF}" = protocol=17 | dir=in | app=d:\avatar\bin\avatarlauncher.exe | 

"{E4CC8D85-348C-476C-8E52-567BC748AA37}" = protocol=6 | dir=in | app=d:\avatar\bin\avatarlauncher.exe | 

"{E961DAF4-8D2F-4015-A091-04CDEFEF5BDD}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"{E9F0A1AB-E2F2-43A0-ABE0-1F6990A88200}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 

"{F4354AE6-FDBE-407B-93C8-792C09731856}" = protocol=17 | dir=in | app=d:\avatar\bin\avatar.exe | 

"{F6A4DB30-CDBD-4923-AFCE-EB3318298D55}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 

"{F73EF69F-978F-4BB1-9C41-B449AB7EF792}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 

"{FFA01A7B-3962-4FB8-90DC-7D7742AD56AF}" = protocol=17 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{11DCA69A-6FC7-42EF-8972-842CCA13A7E7}C:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{2104991F-57F9-4343-B951-7A9D80E4117B}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"TCP Query User{3E9DCC5B-6546-4957-9ED2-C32D82AC4A3C}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | 

"TCP Query User{4088A077-078E-40EF-A59F-608AAD224549}C:\users\XXX\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\XXX\desktop\utorrent.exe | 

"TCP Query User{471A5111-DDD9-42E2-B667-89CAC81609E4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{596B45BA-0711-4F67-A678-D6E7B6518614}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{5F08205D-FDB0-4B3E-A3F9-105BC0D95801}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"TCP Query User{61A40DDF-F88F-418E-A817-E74165FC3259}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{781F61E8-E872-4FB9-AC04-2955E07B020B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{8D92669B-75E3-4B3E-8C46-895DB634D7E8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{94B24CDD-39D5-4822-A907-F72BFD229AC8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{986A0B19-3CBF-494A-A3CA-9BD71D0F4D08}D:\quantumgis\apps\udig\udig_internal.exe" = protocol=6 | dir=in | app=d:\quantumgis\apps\udig\udig_internal.exe | 

"TCP Query User{BE312FCB-A6F8-44EC-AB05-EBD25CF602CC}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | 

"TCP Query User{C1484956-EEE2-4CC2-8824-439DE72FA8D8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"TCP Query User{DAFDCCB7-3193-45ED-9CB7-E3D187D4AC2B}C:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe" = protocol=6 | dir=in | app=c:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe | 

"TCP Query User{F74F3362-BCF7-4242-8580-71A52A60C835}D:\quantumgis\bin\javaw.exe" = protocol=6 | dir=in | app=d:\quantumgis\bin\javaw.exe | 

"UDP Query User{4EA51141-F025-4024-A7C5-710E5CC59337}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{5F250EB7-04DD-456A-8A9C-B342ACF79871}C:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{63410484-20F0-4318-B753-0B898C7967D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{640DF4EF-26C1-442D-B8B7-9372B402D08E}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | 

"UDP Query User{8245BFC0-F55A-4849-9550-74E729DA6206}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"UDP Query User{9E4235A6-F08F-4B45-97BB-C8703F98124F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"UDP Query User{A66B2557-65C3-4A9D-B625-89728B831AE3}D:\quantumgis\apps\udig\udig_internal.exe" = protocol=17 | dir=in | app=d:\quantumgis\apps\udig\udig_internal.exe | 

"UDP Query User{AFDCF9DC-1EBE-4688-84D0-11FE9BD4417D}C:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe" = protocol=17 | dir=in | app=c:\users\XXX\appdata\local\temp\jzip\jzip27205\jzip03dd\routerclient.exe | 

"UDP Query User{BBD0FDBD-2A1E-44D4-A328-B0BCD4282A5A}D:\quantumgis\bin\javaw.exe" = protocol=17 | dir=in | app=d:\quantumgis\bin\javaw.exe | 

"UDP Query User{C3197299-C64E-44A3-BC9F-35234A6FF9ED}C:\users\XXX\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\XXX\desktop\utorrent.exe | 

"UDP Query User{C3D2F7D3-8D0E-4F43-ACD1-3C438C975419}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

"UDP Query User{CB22E753-188E-4F66-B155-ACB8C23F77B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{CB3C30D9-A804-4B05-93F0-74BAB3A19DB5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{D57359DF-894C-4C89-80B5-4076486106D5}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | 

"UDP Query User{DCBAAC70-5B53-4CA8-A2FC-A104828E7B4B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{EBE12859-1936-4CA6-B282-AF60FAFFC273}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung

"{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian

"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000

"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II

"{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17

"{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer

"{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard

"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor

"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in

"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup

"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish

"{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian

"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client

"{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista

"{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static

"{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional

"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek

"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX

"{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation

"{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing

"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager

"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4

"{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French

"{76902AF9-DA86-419D-B533-077643124722}" = Sony ACID Pro 5.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian

"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera

"{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese

"{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish

"{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai

"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek

"{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese

"{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager

"{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New

"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client

"{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch

"{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish

"{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese

"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = Catalyst Control Center Localization Chinese Traditional

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch

"{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish

"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control Center Localization Czech

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean

"{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian

"{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German

"{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English

"{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish

"{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish

"{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard

"{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean

"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian

"{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish

"{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins

"{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German

"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now

"AC3Filter" = AC3Filter (remove only)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Avira AntiVir Desktop" = Avira Free Antivirus

"AviSynth" = AviSynth 2.5

"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager

"htmltads.exe" = HTML TADS Player Kit

"ImageJ_is1" = ImageJ 1.44p

"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0

"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation

"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus

"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now

"IrfanView" = IrfanView (remove only)

"jZip" = jZip

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Standard)

"MARK 7.0" = MARK 7.0

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Quantum GIS Lisboa" = Quantum GIS Lisboa 1.8.0 Lisboa

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"VLC media player" = VLC media player 1.1.4

"Web_4.0.1460.0" = Microsoft Expression Web 4

"WinMend Folder Hidden_is1" = WinMend Folder Hidden 1.4.5.5

"WinRAR archiver" = WinRAR

"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2378140445-2909387748-784235094-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Cisco AnyConnect Secure Mobility Client Events ]

Error - 22.05.2013 16:45:28 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:

 5911 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196

 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 22.05.2013 16:45:28 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5636

Invoked

 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 22.05.2013 16:45:28 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5598

Invoked

 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 22.05.2013 16:45:28 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp

Line:

 5352 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)

Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 22.05.2013 16:45:28 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 

5287 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)

Description:

 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 

 

Error - 22.05.2013 17:01:51 | Computer Name = XXX | Source = acvpnagent | ID = 67110873

Description = Termination reason code 9: Client PC is shutting down.

 

Error - 22.05.2013 17:04:20 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp

Line:

 2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 

 

Error - 22.05.2013 17:04:20 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp

Line:

 2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 

 

Error - 22.05.2013 17:04:20 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp

Line:

 2652 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 

(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 

 

Error - 22.05.2013 17:04:44 | Computer Name = XXX | Source = acvpnagent | ID = 67108866

Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked

 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
 

 

[ OSession Events ]

Error - 05.02.2010 18:48:35 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 282960

 seconds with 29340 seconds of active time.  This session ended with a crash.

 

Error - 07.02.2010 09:58:02 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 140953

 seconds with 4560 seconds of active time.  This session ended with a crash.

 

Error - 30.03.2010 09:11:35 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 259436

 seconds with 4560 seconds of active time.  This session ended with a crash.

 

Error - 30.05.2010 08:50:37 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 89167

 seconds with 1020 seconds of active time.  This session ended with a crash.

 

Error - 19.08.2010 17:40:39 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 17.06.2011 06:35:58 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 91245

 seconds with 5100 seconds of active time.  This session ended with a crash.

 

Error - 23.11.2011 06:24:21 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31586

 seconds with 660 seconds of active time.  This session ended with a crash.

 

Error - 16.04.2013 17:06:08 | Computer Name = XXX | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 22.05.2013 17:04:24 | Computer Name = XXX | Source = Service Control Manager | ID = 7000

Description = 

 

 

< End of report >

--- --- ---

[/code]

Kannst du mir bitte eine kurze Status-Meldung geben? Wurden bisher gefährliche Viren gefunden/beseitigt?

Danke!!!