Zurück   Trojaner-Board > Malware entfernen > Überwachung, Datenschutz und Spam

Überwachung, Datenschutz und Spam: Ich verschicke Spammail

Windows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 19.05.2010, 02:08   #1
baskerville
 
Ich verschicke Spammail - Standard

Ich verschicke Spammail



Hallo,

seit einigen Tagen verschicke ich Spammail von meinem Mail-Account. Bin ein wenig verzweifelt. AntiVir kann nichts Auffälliges finden. Habe mir vor einiger Zeit Thunderbird zugelegt. Könnte es damit zusammenhängen?

Nun ja. Hier die Informationen aus
Malwarebytes:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4113

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

19.05.2010 01:36:14
mbam-log-2010-05-19 (01-36-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117430
Laufzeit: 12 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Und OTL


Code:
ATTFilter
OTL logfile created on: 19.05.2010 01:41:13 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 239,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 9,69 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,43 Gb Total Space | 44,68 Gb Free Space | 82,09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()
PRC - C:\Programme\ShrewSoft\VPN Client\iked.exe ()
PRC - C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe ()
PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumsdmon.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Symantec Core LC) --  File not found
SRV - (Automatisches LiveUpdate - Scheduler) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()
SRV - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()
SRV - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\DE_SERV.EXE (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)
DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (AF05BDA) -- C:\Windows\System32\drivers\AF05BDA.sys (AfaTech                  )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2009.7.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {899DF1F8-2F43-4394-8315-37F6744E6319}:1.0.5
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 18:07:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.31 18:07:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.01.15 22:45:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2009.04.17 16:57:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.31 17:13:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.29 23:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.29 23:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.19 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions
[2010.04.28 01:40:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.20 14:03:31 | 000,000,000 | ---D | M] (NewsFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}
[2010.01.26 19:20:26 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009.04.06 00:21:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\moveplayer@movenetworks.com
[2009.01.15 22:46:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\jct92j5c.default\extensions
[2010.04.07 22:58:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.07 18:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2008.08.29 09:16:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.01.25 14:20:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.25 14:20:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.25 14:20:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.25 14:20:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.25 14:20:20 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.22 23:42:21 | 000,000,083 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d4c1e18-f5d5-11dc-a485-0016d4fd02cc}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.19 01:38:14 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.19 01:21:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.05.19 01:21:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.19 01:21:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.19 01:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.19 01:21:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.19 01:20:37 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe
[2010.05.19 01:10:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\51464-anleitung-ccleaner-Dateien
[2010.05.19 00:58:00 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe
[2010.05.19 00:35:34 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe
[2010.05.10 19:10:44 | 000,000,000 | ---D | C] -- C:\Programme\Teachmaster 4.3
[2010.05.09 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Vokabeln
[2009.12.28 22:02:30 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2009.12.28 22:02:29 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2009.12.28 22:02:29 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2009.12.28 22:02:28 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2009.12.28 22:02:28 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2009.12.28 22:02:28 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2009.12.28 22:02:28 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2009.12.28 22:02:27 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2009.12.28 22:02:25 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2009.12.28 22:02:25 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.19 01:42:02 | 002,883,584 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.05.19 01:39:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fsvclw.sys
[2010.05.19 01:38:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe
[2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg
[2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg
[2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg
[2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg
[2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html
[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe
[2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe
[2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job
[2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.19 00:07:37 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar
[2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk
[2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk
[2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe
[2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.19 01:39:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fsvclw.sys
[2010.05.19 01:21:41 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 01:18:00 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011758.reg
[2010.05.19 01:17:32 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011730.reg
[2010.05.19 01:16:29 | 000,002,100 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011627.reg
[2010.05.19 01:14:40 | 000,060,736 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011435.reg
[2010.05.19 01:10:57 | 000,055,604 | ---- | C] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html
[2010.05.12 20:51:34 | 028,053,890 | ---- | C] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar
[2010.05.10 19:42:29 | 000,000,132 | ---- | C] () -- C:\Users\***\Desktop\unidad 3.kk
[2010.05.10 19:10:45 | 000,000,905 | ---- | C] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk
[2010.05.10 19:10:16 | 000,933,622 | ---- | C] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe
[2010.05.09 22:17:54 | 000,001,278 | ---- | C] () -- C:\Users\***\Documents\Unidad 3.pau.gz
[2010.04.19 15:35:12 | 000,114,313 | ---- | C] () -- C:\Users\***\Desktop\Tanzarchiv.pdf
[2009.12.28 22:11:27 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2009.12.28 22:09:25 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2009.12.28 22:06:55 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2009.12.28 22:06:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2009.12.28 22:06:54 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2009.12.28 22:03:47 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2009.12.28 22:02:30 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2009.12.28 22:02:26 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2009.12.22 23:41:43 | 000,081,920 | ---- | C] () -- C:\Windows\asr3232.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.09.30 19:06:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.30 18:58:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2007.10.03 22:28:24 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2007.10.03 22:28:23 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.09.06 21:29:45 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007.09.02 01:45:33 | 000,172,032 | ---- | C] () -- C:\Windows\System32\tifmicon.dll
[2007.09.02 01:45:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007.09.02 01:45:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007.09.02 01:45:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.09.02 01:45:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007.08.20 17:29:29 | 000,823,808 | ---- | C] () -- C:\Windows\System32\libxml2.dll.off
[2007.08.20 17:29:29 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll.off
[2007.08.20 17:29:29 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll.off
[2007.08.20 17:29:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll.off
[2007.07.08 17:05:23 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2007.03.14 10:34:13 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.03.13 13:03:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.03.13 13:03:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.03.13 13:03:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.03.13 13:03:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.03.13 13:03:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.03.13 13:03:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.03.13 12:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.03.13 12:31:43 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.03.13 12:31:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.03.13 12:31:43 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.03.13 12:31:43 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006.12.05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.24 08:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 15:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

[2010.05.19 01:45:42 | 000,000,000 | R--D | M] -- C:\Users\***\Desktop
[2010.05.19 01:42:02 | 002,883,584 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.05.19 01:42:02 | 000,262,144 | -H-- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2010.05.19 01:38:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.19 01:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Local\Temp
[2010.05.19 01:21:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.05.19 01:21:43 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 01:21:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe
[2010.05.19 01:20:37 | 000,000,000 | R--D | M] -- C:\Users\***\Documents
[2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg
[2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg
[2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg
[2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg
[2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html
[2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe
[2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe
[2010.05.19 00:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job
[2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.18 12:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2
[2010.05.18 12:05:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Lx_cats
[2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar
[2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk
[2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk
[2010.05.10 19:10:45 | 000,000,000 | ---D | M] -- C:\Programme\Teachmaster 4.3
[2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe
[2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.30 12:38:46 | 000,000,000 | R--D | M] -- C:\Users\***\Music
[2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.27 12:26:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexmark 5600-6600 Series
[2010.04.26 00:12:44 | 000,000,000 | R--D | M] -- C:\Users\***\Downloads
[2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.19 01:42:02 | 002,883,584 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.05.19 01:39:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fsvclw.sys
[2010.05.19 01:38:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe
[2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg
[2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg
[2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg
[2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg
[2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html
[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe
[2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe
[2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job
[2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.19 00:07:37 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar
[2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk
[2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk
[2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe
[2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< End of report >
         


Teil 2

----> im nächsten thread

Alt 19.05.2010, 02:12   #2
baskerville
 
Ich verschicke Spammail - Standard

Ich verschicke Spammail



Der erste Teil meine Frage steht wohl hier drunter


Code:
ATTFilter
OTL Extras logfile created on: 19.05.2010 01:41:14 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 239,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 9,69 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,43 Gb Total Space | 44,68 Gb Free Space | 82,09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{391EDCFB-7A79-43FD-8C7C-8B6CB2930541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3E0B7280-C497-4677-ACCA-92F7A8379C5C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C024DA-7FEF-40A8-A97E-6A1D0AC95E92}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{149C314E-B405-4E04-81B8-93BD892E3C0F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{21D06E25-B76F-4A44-AB5E-09C08B55FF3F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{2308EB16-F62E-4BF0-B278-3E334EEA4724}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{2B57ED73-1888-4352-9205-C70377A3F729}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{42056D5B-038B-4731-9C44-C4003A91F01E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43EA11F7-D883-4A8F-AE77-11FAC172D407}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{511B2131-1E47-4B96-AEE5-DD9CF4863765}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{581BE40F-8005-4BD7-9135-BDC4B6F826E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5BAF2359-A172-4FF4-A53E-A167421E378F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{60E03551-8BD5-4EAC-8CAB-43C9DC62B78D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{615944D8-DA8E-4B70-93CC-5111AF2B6BEC}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{656B058C-BAFA-4B5F-9E78-C8B92EDF7AD1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{6D2D0537-6C7A-4933-9328-E714CBC44411}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{702FAF91-5FB1-4035-9C9C-3E588824CF52}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{8412F619-8CF0-4EBF-BE19-8D7218639EC5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{877D4558-EB7C-4FE5-B6F8-2A5338B8D50A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{8DEFFBAC-5F0F-4E19-850A-B36160D83480}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9D736E65-04CC-4280-A54D-2108C2227FBD}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{A1F40BC4-7AF9-4937-9281-ADA8DDA3F8BB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{B12DB7B3-7409-4962-A075-52CDB23AEBE3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{B4456981-DADD-43D7-B8B0-2EB551CA0F46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BE2FE07C-F2D8-4FAF-8931-698AC99DB185}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C156E20A-15C9-4BE6-B937-7EC04637DAF9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{C2C0AAEA-4237-4B8D-8714-8A29D179315E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{D2078CE8-ED79-4FA3-81D3-6748EB8A4AA2}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{D6A8F499-1CE8-4DAD-A59B-E8B20F64D295}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{DEA14B29-5CF8-4C05-9FC1-7168EF567423}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{E64C1880-3FFA-47BB-A937-D8AE87957F79}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{E7F49578-3A88-481A-B6B6-D15929674D15}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{FFCAE57D-35D6-4BC8-B0F7-0C185EF0C5D8}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"TCP Query User{0B045133-B3D9-4695-B6B4-59A9540A1CFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2AB4E9BE-9271-4493-B413-D714007E42F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2FBBBD88-6922-4166-8707-299DE6FE0AE0}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"TCP Query User{30A5FDDD-2938-4068-B959-84A2C4B4F147}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{3C21318D-5D37-4286-8D2B-AC07451039EE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{4D717057-CC0D-4409-9F97-86F8D25F89E0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{5A0AD2E3-6F22-4A49-82B6-E17992A2FCA9}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"TCP Query User{5A2067B2-8403-40EC-B772-B159E28A9E81}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{61D07E3B-A5BC-4FC7-90EC-356DE32AE305}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{7026D4F5-D70E-4339-8F11-2A59AB2224A2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{73C2887E-4D98-4AC0-87A3-72A109A6DF37}C:\users\***\documents\routerclient.exe" = protocol=6 | dir=in | app=c:\users\***\documents\routerclient.exe | 
"TCP Query User{8CB28C80-21A0-45DD-90A2-307A74352E74}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{9A796E35-7F20-4680-83F7-C0668C56A91B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9B243E8B-08F6-42E1-8405-CC0FA23EA8DD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{BDF9E6FF-963A-477C-B9AB-BA4135BE55C8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{D7C8C4C3-FFD3-4019-A57C-A8268BA13342}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | 
"TCP Query User{F4772DAF-7FF2-4F0C-A60C-D42F1D227481}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 
"UDP Query User{0703D69C-316E-4C7F-A48A-D866509DACB8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{0921FB2D-1E0E-4377-BAC5-80A12A00560B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4AF33BA4-16FF-4F4A-8AC9-DB47365841EE}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{572E9803-640C-4C0D-A7E8-C1CF8CAB37A4}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 
"UDP Query User{59155E06-4698-4841-8A5C-9E27830FB282}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{6C31E94B-C9BF-4E9C-8A3D-ED840D5FCC5F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{79C2DB77-62D4-41AF-950A-832CF505DC23}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{8B0F6041-E819-4C14-87A7-9F98EC82FDD5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A1F60DDC-35F8-45F7-B088-9F260693B458}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | 
"UDP Query User{B269A7AF-AA8E-4EF8-B9CD-789BE7CCB66B}C:\users\***\documents\routerclient.exe" = protocol=17 | dir=in | app=c:\users\***\documents\routerclient.exe | 
"UDP Query User{CDA62B96-4274-4FEB-9ACD-53E50A73C2AD}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"UDP Query User{D49E3E28-CE25-4F7B-A413-82D4A912A7D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E009E83A-B57C-44AE-BEFC-AC44AC1124BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E1BAE7D3-0A1A-4DEE-8550-E4C81A740193}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"UDP Query User{E50193E4-5C9C-45DA-A594-644121A9809A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{F32CA204-52DF-4EE4-A2B5-1BFF46E24201}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{F436BCCA-A001-4EC1-A446-B984C81830FE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = 
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.7
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"AMP WinOFF" = AMP WinOFF
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Beach King" = Beach King
"Blender" = Blender (remove only)
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Klabutong_is1" = Klabutong v1.1
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LucasArts' Monkey4" = LucasArts' Monkey4
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Samplitude V8 SE D" = Samplitude V8 SE (D)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"VST Bridge_is1" = VST Bridge 1.1
"Vyrox" = Vyrox
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinGTK-2_is1" = GTK+ 2.4.3 runtime environment
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"VisualComposer 2" = Visual Composer .NET 2.0.2
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 

 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{391EDCFB-7A79-43FD-8C7C-8B6CB2930541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3E0B7280-C497-4677-ACCA-92F7A8379C5C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C024DA-7FEF-40A8-A97E-6A1D0AC95E92}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{149C314E-B405-4E04-81B8-93BD892E3C0F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{21D06E25-B76F-4A44-AB5E-09C08B55FF3F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{2308EB16-F62E-4BF0-B278-3E334EEA4724}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{2B57ED73-1888-4352-9205-C70377A3F729}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{42056D5B-038B-4731-9C44-C4003A91F01E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43EA11F7-D883-4A8F-AE77-11FAC172D407}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{511B2131-1E47-4B96-AEE5-DD9CF4863765}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{581BE40F-8005-4BD7-9135-BDC4B6F826E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5BAF2359-A172-4FF4-A53E-A167421E378F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{60E03551-8BD5-4EAC-8CAB-43C9DC62B78D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{615944D8-DA8E-4B70-93CC-5111AF2B6BEC}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{656B058C-BAFA-4B5F-9E78-C8B92EDF7AD1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{6D2D0537-6C7A-4933-9328-E714CBC44411}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{702FAF91-5FB1-4035-9C9C-3E588824CF52}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{8412F619-8CF0-4EBF-BE19-8D7218639EC5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{877D4558-EB7C-4FE5-B6F8-2A5338B8D50A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{8DEFFBAC-5F0F-4E19-850A-B36160D83480}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9D736E65-04CC-4280-A54D-2108C2227FBD}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{A1F40BC4-7AF9-4937-9281-ADA8DDA3F8BB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{B12DB7B3-7409-4962-A075-52CDB23AEBE3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{B4456981-DADD-43D7-B8B0-2EB551CA0F46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BE2FE07C-F2D8-4FAF-8931-698AC99DB185}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C156E20A-15C9-4BE6-B937-7EC04637DAF9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{C2C0AAEA-4237-4B8D-8714-8A29D179315E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{D2078CE8-ED79-4FA3-81D3-6748EB8A4AA2}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{D6A8F499-1CE8-4DAD-A59B-E8B20F64D295}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{DEA14B29-5CF8-4C05-9FC1-7168EF567423}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{E64C1880-3FFA-47BB-A937-D8AE87957F79}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{E7F49578-3A88-481A-B6B6-D15929674D15}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{FFCAE57D-35D6-4BC8-B0F7-0C185EF0C5D8}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"TCP Query User{0B045133-B3D9-4695-B6B4-59A9540A1CFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2AB4E9BE-9271-4493-B413-D714007E42F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2FBBBD88-6922-4166-8707-299DE6FE0AE0}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"TCP Query User{30A5FDDD-2938-4068-B959-84A2C4B4F147}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{3C21318D-5D37-4286-8D2B-AC07451039EE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{4D717057-CC0D-4409-9F97-86F8D25F89E0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{5A0AD2E3-6F22-4A49-82B6-E17992A2FCA9}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"TCP Query User{5A2067B2-8403-40EC-B772-B159E28A9E81}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{61D07E3B-A5BC-4FC7-90EC-356DE32AE305}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{7026D4F5-D70E-4339-8F11-2A59AB2224A2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{73C2887E-4D98-4AC0-87A3-72A109A6DF37}C:\users\***\documents\routerclient.exe" = protocol=6 | dir=in | app=c:\users\***\documents\routerclient.exe | 
"TCP Query User{8CB28C80-21A0-45DD-90A2-307A74352E74}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{9A796E35-7F20-4680-83F7-C0668C56A91B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9B243E8B-08F6-42E1-8405-CC0FA23EA8DD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{BDF9E6FF-963A-477C-B9AB-BA4135BE55C8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{D7C8C4C3-FFD3-4019-A57C-A8268BA13342}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | 
"TCP Query User{F4772DAF-7FF2-4F0C-A60C-D42F1D227481}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 
"UDP Query User{0703D69C-316E-4C7F-A48A-D866509DACB8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{0921FB2D-1E0E-4377-BAC5-80A12A00560B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4AF33BA4-16FF-4F4A-8AC9-DB47365841EE}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{572E9803-640C-4C0D-A7E8-C1CF8CAB37A4}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 
"UDP Query User{59155E06-4698-4841-8A5C-9E27830FB282}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{6C31E94B-C9BF-4E9C-8A3D-ED840D5FCC5F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{79C2DB77-62D4-41AF-950A-832CF505DC23}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{8B0F6041-E819-4C14-87A7-9F98EC82FDD5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A1F60DDC-35F8-45F7-B088-9F260693B458}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | 
"UDP Query User{B269A7AF-AA8E-4EF8-B9CD-789BE7CCB66B}C:\users\***\documents\routerclient.exe" = protocol=17 | dir=in | app=c:\users\***\documents\routerclient.exe | 
"UDP Query User{CDA62B96-4274-4FEB-9ACD-53E50A73C2AD}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 
"UDP Query User{D49E3E28-CE25-4F7B-A413-82D4A912A7D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E009E83A-B57C-44AE-BEFC-AC44AC1124BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E1BAE7D3-0A1A-4DEE-8550-E4C81A740193}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"UDP Query User{E50193E4-5C9C-45DA-A594-644121A9809A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{F32CA204-52DF-4EE4-A2B5-1BFF46E24201}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{F436BCCA-A001-4EC1-A446-B984C81830FE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = 
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.7
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"AMP WinOFF" = AMP WinOFF
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Beach King" = Beach King
"Blender" = Blender (remove only)
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Klabutong_is1" = Klabutong v1.1
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LucasArts' Monkey4" = LucasArts' Monkey4
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Samplitude V8 SE D" = Samplitude V8 SE (D)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"VST Bridge_is1" = VST Bridge 1.1
"Vyrox" = Vyrox
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinGTK-2_is1" = GTK+ 2.4.3 runtime environment
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"VisualComposer 2" = Visual Composer .NET 2.0.2
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

CCleaner hat nichts gefunden.

Ich hoffe ihr könnt mir helfen.

Beste Grüße.
__________________


Alt 19.05.2010, 07:33   #3
Shadow
/// Mr. Schatten
 
Ich verschicke Spammail - Standard

Ich verschicke Spammail



Zitat:
Zitat von baskerville Beitrag anzeigen
seit einigen Tagen verschicke ich Spammail von meinem Mail-Account.
Wie kommst du darauf?
Zitat:
Zitat von baskerville Beitrag anzeigen
Habe mir vor einiger Zeit Thunderbird zugelegt. Könnte es damit zusammenhängen?
Wenn du es aus zweifelhafter Quelle hast ja, sonst nein. (außer du hast den Spamversand vorsätzlich eingerichtet)

Für die Logfileauswertung fühle ich mich nicht zuständig
__________________
__________________

Alt 19.05.2010, 10:19   #4
baskerville
 
Ich verschicke Spammail - Standard

Ich verschicke Spammail



Nun ja. Bekomme öfter Fehlermeldungen, dass bestimmte Mails, die ich nicht versendet habe nicht verschickt werden konnten.
Außerdem haben mich Freunde drauf hingewiesen, dass sie in letzter Zeit öfter mal aktuelle Viagraempfehlungen oder russische Chatseiten von mir zugeschickt bekommen.

Und Thunderbird habe ich direkt von der Mozilla-Seite. Damit kann es eigentlich nicht zusammenhängen.

Alt 19.05.2010, 10:37   #5
Shadow
/// Mr. Schatten
 
Ich verschicke Spammail - Standard

Ich verschicke Spammail



Zitat:
Zitat von baskerville Beitrag anzeigen
Nun ja. Bekomme öfter Fehlermeldungen, dass bestimmte Mails, die ich nicht versendet habe nicht verschickt werden konnten.
Dies bedeutet erst einmal sehr wenig. Es kann auch jemand einfach deinen Absender missbraucht haben
Zitat:
Zitat von baskerville Beitrag anzeigen
Außerdem haben mich Freunde drauf hingewiesen, dass sie in letzter Zeit öfter mal aktuelle Viagraempfehlungen oder russische Chatseiten von mir zugeschickt bekommen.
s.o. wobei die Wahrscheinlichkeit, dass jemand der deinen Absender missbraucht zufällig deinen Freunden (plural) was schickt, ist eher gering.
Aber Absender und Adressat müssen auch nur aus einer gemeinsamen Quelle stammen, d.h. irgendwer (du oder ein Freund) haben deine und die Freundes-E-Mail-Adressen auf dem PC und eine Malware hat dies ausgelesen.
Du solltest - falls die Aussagen deiner Freunde verlässlich und ernsthaft sind - einerseits dich mal mit E-Mail-Headern auseinandersetzen (eine öffentliche Analyse bedingte immer auch Veröffentlichung persönlicher Daten wie deine E-Mail-Adresse u.ä. <=> Spam kann auch dies als Grundlage nehmen)
=> E-Mail-Header lesen und verstehen
andererseits darauf setzen, dass sich jemand deiner Logfiles annimmt.
Trotzdem würde ich dir anraten, dass du gerade mal "deine" Viagra-E-Mails (den Header) bei deinen Freunden näher anschaust, da solltest du nämlich ganz bzw. relativ leicht feststellen können, ob sie von dir stammen.
Es wäre heute aber sehr ungewöhnlich, wenn dein E-Mailprogramm missbraucht würde.
Spammer versuchen heute i.d.R. eher nicht aufzufallen (= möglichst lange senden zu können), deshalb ist es eher unwahrscheinlich, dass der scheinbare Absender auch der echte Absender ist. Aber unmöglich oder gänzlich unwahrscheinlich ist es nicht, möglicherweise hast du auch was "altes" eingefangen, was ein AV-Programm aber eigentlich erkennen sollte.

__________________
alle Tipps + Hilfen aller Helfer sind ohne Gewähr + Haftung
keine Hilfe via PN
hier ist ein Forum, jeder kann profitieren/kontrollieren - niemand ist fehlerfrei
tendenzielle Beachtung der Rechtschreibregeln erhöht die Wahrscheinlichkeit einer Antwort
-


Antwort

Themen zu Ich verschicke Spammail
agere systems, antivir, autorun, avgntflt.sys, avira, bho, bonjour, ccsetup, components, corp./icp, defender, dropbox, error, explorer, firefox, firefox.exe, hijack, home, home premium, hängen, icq, jucheck.exe, location, logfile, microsoft, mozilla, mozilla thunderbird, nvidia, nvstor.sys, oldtimer, otl logfile, otl.exe, port, programdata, programme, realtek, registry, remote control, saver, sched.exe, searchplugins, software, start menu, symantec, trojan.downloader, uleadburninghelper, vista, winlogon, worm.allaple



Ähnliche Themen: Ich verschicke Spammail


  1. Dhl Spammail, Virenverdacht!
    Log-Analyse und Auswertung - 27.03.2015 (17)
  2. Spammail von Anwaltskanzlei
    Überwachung, Datenschutz und Spam - 23.01.2015 (5)
  3. Windows 7 -- Mail delivery failed obwohl ich keine Mails verschicke
    Log-Analyse und Auswertung - 01.11.2013 (11)
  4. Spammail geöffnet
    Überwachung, Datenschutz und Spam - 27.02.2013 (7)
  5. Verschicke Spam Mails
    Log-Analyse und Auswertung - 25.01.2013 (12)
  6. Verschicke Spam-Emails
    Plagegeister aller Art und deren Bekämpfung - 06.07.2012 (13)
  7. Netzbetreiber sagt ich verschicke Schadware/Spam
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (6)
  8. Verschicke Spam-Mails an meine Kontakte
    Plagegeister aller Art und deren Bekämpfung - 27.02.2011 (6)
  9. Merkwürdige Sicherheitscenter-Meldungen, verschicke ungewollt Spammails, ...
    Antiviren-, Firewall- und andere Schutzprogramme - 14.02.2011 (13)
  10. Ich verschicke per MSN Email spam Nachrichten
    Log-Analyse und Auswertung - 23.08.2010 (14)
  11. verschicke spam mit msn und er stürzt immer ab
    Log-Analyse und Auswertung - 04.05.2010 (22)
  12. Ich verschicke Links über MSN...HILFE!!!
    Log-Analyse und Auswertung - 24.04.2009 (7)
  13. verschicke über MSN perverse Nachrichten - Hier mein Logfile!
    Log-Analyse und Auswertung - 31.07.2008 (8)
  14. ProRat_v1.9-Trojaner wie verschicke ich den über icq???
    Mülltonne - 05.03.2008 (5)
  15. verschicke ich spam?
    Überwachung, Datenschutz und Spam - 19.06.2007 (7)
  16. Verschicke unabsichtlich Daten über Msn! Bitte LogFile checken.
    Log-Analyse und Auswertung - 08.09.2006 (3)
  17. Ärger mit T-Online, weil ich angeblich Spam-Mails verschicke.
    Plagegeister aller Art und deren Bekämpfung - 14.11.2003 (3)

Zum Thema Ich verschicke Spammail - Hallo, seit einigen Tagen verschicke ich Spammail von meinem Mail-Account. Bin ein wenig verzweifelt. AntiVir kann nichts Auffälliges finden. Habe mir vor einiger Zeit Thunderbird zugelegt. Könnte es damit zusammenhängen? - Ich verschicke Spammail...
Archiv
Du betrachtest: Ich verschicke Spammail auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.