Surveillance, Privacy and Spam: I am sending spam mail
Windows 7
Questions about encryption, spam, privacy and the like are welcome here. This section is about defending against keyloggers and other spying software such as spyware and adware. Topics on "removing Trojans" or "malware problems" may only be discussed here. If you need help removing a Trojan or because you have caught a virus, create a thread in the cleanup forums above.
19.05.2010, 01:08 | #1 |
I am sending spam mail

Hello, for a few days now I have been sending spam mail from my mail account. I am a bit desperate. AntiVir cannot find anything suspicious. I got Thunderbird some time ago. Could it be related to that? Well. Here is the information from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4113

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

19.05.2010 01:36:14
mbam-log-2010-05-19 (01-36-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117430
Laufzeit: 12 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

And OTL:
[2010.05.19 01:21:43 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.19 01:21:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Documents\mbam-setup.exe [2010.05.19 01:20:37 | 000,000,000 | R--D | M] -- C:\Users\***\Documents [2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg [2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg [2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg [2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg [2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html [2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe [2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\***\Documents\HiJackThis.exe [2010.05.19 00:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job [2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.05.18 12:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2 [2010.05.18 12:05:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Lx_cats [2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar [2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk [2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk [2010.05.10 19:10:45 | 000,000,000 | ---D | M] -- C:\Programme\Teachmaster 4.3 [2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe [2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz [2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.04.30 12:38:46 | 000,000,000 | R--D | M] -- C:\Users\***\Music [2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.27 12:26:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexmark 5600-6600 Series [2010.04.26 00:12:44 | 000,000,000 | R--D 
| M] -- C:\Users\***\Downloads [2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.19 01:42:02 | 002,883,584 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.05.19 01:39:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fsvclw.sys [2010.05.19 01:38:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Documents\mbam-setup.exe [2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg [2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg [2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg [2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg [2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html [2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe [2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\***\Documents\HiJackThis.exe [2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job [2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.19 00:07:37 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys [2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar [2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk [2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk [2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe [2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz [2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 
C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< End of report >
Part 2 ----> in the next thread |
19.05.2010, 01:12 | #2 |
| I am sending spam mail
The first part of my question is apparently below this one.
__________________Code:
OTL Extras logfile created on: 19.05.2010 01:41:14 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 239,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 9,69 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,43 Gb Total Space | 44,68 Gb Free Space | 82,09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Key error.
File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{391EDCFB-7A79-43FD-8C7C-8B6CB2930541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3E0B7280-C497-4677-ACCA-92F7A8379C5C}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C024DA-7FEF-40A8-A97E-6A1D0AC95E92}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{149C314E-B405-4E04-81B8-93BD892E3C0F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{21D06E25-B76F-4A44-AB5E-09C08B55FF3F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{2308EB16-F62E-4BF0-B278-3E334EEA4724}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{2B57ED73-1888-4352-9205-C70377A3F729}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{42056D5B-038B-4731-9C44-C4003A91F01E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{43EA11F7-D883-4A8F-AE77-11FAC172D407}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{511B2131-1E47-4B96-AEE5-DD9CF4863765}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{581BE40F-8005-4BD7-9135-BDC4B6F826E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{5BAF2359-A172-4FF4-A53E-A167421E378F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{60E03551-8BD5-4EAC-8CAB-43C9DC62B78D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{615944D8-DA8E-4B70-93CC-5111AF2B6BEC}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{656B058C-BAFA-4B5F-9E78-C8B92EDF7AD1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{6D2D0537-6C7A-4933-9328-E714CBC44411}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{702FAF91-5FB1-4035-9C9C-3E588824CF52}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{8412F619-8CF0-4EBF-BE19-8D7218639EC5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{877D4558-EB7C-4FE5-B6F8-2A5338B8D50A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | "{8DEFFBAC-5F0F-4E19-850A-B36160D83480}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{9D736E65-04CC-4280-A54D-2108C2227FBD}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{A1F40BC4-7AF9-4937-9281-ADA8DDA3F8BB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{B12DB7B3-7409-4962-A075-52CDB23AEBE3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{B4456981-DADD-43D7-B8B0-2EB551CA0F46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{BE2FE07C-F2D8-4FAF-8931-698AC99DB185}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{C156E20A-15C9-4BE6-B937-7EC04637DAF9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{C2C0AAEA-4237-4B8D-8714-8A29D179315E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | "{D2078CE8-ED79-4FA3-81D3-6748EB8A4AA2}" = protocol=17 | dir=in | 
app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{D6A8F499-1CE8-4DAD-A59B-E8B20F64D295}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | "{DEA14B29-5CF8-4C05-9FC1-7168EF567423}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{E64C1880-3FFA-47BB-A937-D8AE87957F79}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | "{E7F49578-3A88-481A-B6B6-D15929674D15}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{FFCAE57D-35D6-4BC8-B0F7-0C185EF0C5D8}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "TCP Query User{0B045133-B3D9-4695-B6B4-59A9540A1CFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2AB4E9BE-9271-4493-B413-D714007E42F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2FBBBD88-6922-4166-8707-299DE6FE0AE0}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "TCP Query User{30A5FDDD-2938-4068-B959-84A2C4B4F147}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{3C21318D-5D37-4286-8D2B-AC07451039EE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{4D717057-CC0D-4409-9F97-86F8D25F89E0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{5A0AD2E3-6F22-4A49-82B6-E17992A2FCA9}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = 
protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | "TCP Query User{5A2067B2-8403-40EC-B772-B159E28A9E81}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{61D07E3B-A5BC-4FC7-90EC-356DE32AE305}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{7026D4F5-D70E-4339-8F11-2A59AB2224A2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{73C2887E-4D98-4AC0-87A3-72A109A6DF37}C:\users\***\documents\routerclient.exe" = protocol=6 | dir=in | app=c:\users\***\documents\routerclient.exe | "TCP Query User{8CB28C80-21A0-45DD-90A2-307A74352E74}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{9A796E35-7F20-4680-83F7-C0668C56A91B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{9B243E8B-08F6-42E1-8405-CC0FA23EA8DD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{BDF9E6FF-963A-477C-B9AB-BA4135BE55C8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{D7C8C4C3-FFD3-4019-A57C-A8268BA13342}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | "TCP Query User{F4772DAF-7FF2-4F0C-A60C-D42F1D227481}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | "UDP Query User{0703D69C-316E-4C7F-A48A-D866509DACB8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{0921FB2D-1E0E-4377-BAC5-80A12A00560B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | "UDP Query User{4AF33BA4-16FF-4F4A-8AC9-DB47365841EE}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{572E9803-640C-4C0D-A7E8-C1CF8CAB37A4}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | "UDP Query User{59155E06-4698-4841-8A5C-9E27830FB282}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{6C31E94B-C9BF-4E9C-8A3D-ED840D5FCC5F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{79C2DB77-62D4-41AF-950A-832CF505DC23}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{8B0F6041-E819-4C14-87A7-9F98EC82FDD5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A1F60DDC-35F8-45F7-B088-9F260693B458}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | "UDP Query User{B269A7AF-AA8E-4EF8-B9CD-789BE7CCB66B}C:\users\***\documents\routerclient.exe" = protocol=17 | dir=in | app=c:\users\***\documents\routerclient.exe | "UDP Query User{CDA62B96-4274-4FEB-9ACD-53E50A73C2AD}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "UDP Query User{D49E3E28-CE25-4F7B-A413-82D4A912A7D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{E009E83A-B57C-44AE-BEFC-AC44AC1124BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E1BAE7D3-0A1A-4DEE-8550-E4C81A740193}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = 
protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | "UDP Query User{E50193E4-5C9C-45DA-A594-644121A9809A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{F32CA204-52DF-4EE4-A2B5-1BFF46E24201}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{F436BCCA-A001-4EC1-A446-B984C81830FE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = "{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0 "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.7 
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = 
Lexmark "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "AMP WinOFF" = AMP WinOFF "Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Beach King" = Beach King "Blender" = Blender (remove only) "CCleaner" = CCleaner "Citavi" = Citavi 2.5 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Printer and Utilities" = EPSON-Drucker-Software "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1 "InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "IrfanView" = IrfanView (remove only) "Klabutong_is1" = Klabutong v1.1 "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "LucasArts' Monkey4" = LucasArts' Monkey4 "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "NVIDIA Drivers" = NVIDIA Drivers "RealPlayer 6.0" = RealPlayer "Samplitude V8 SE D" = Samplitude V8 SE (D) "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen) "TOSHIBA Software Modem" = TOSHIBA Software Modem "Uninstall_is1" = Uninstall 1.0.0.1 "VST Bridge_is1" = VST Bridge 1.1 "Vyrox" = Vyrox "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinGimp-2.0_is1" = GIMP 2.4.5 "WinGTK-2_is1" = GTK+ 2.4.3 runtime environment "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox 
"VisualComposer 2" = Visual Composer .NET 2.0.2 "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{391EDCFB-7A79-43FD-8C7C-8B6CB2930541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3E0B7280-C497-4677-ACCA-92F7A8379C5C}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C024DA-7FEF-40A8-A97E-6A1D0AC95E92}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{149C314E-B405-4E04-81B8-93BD892E3C0F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{21D06E25-B76F-4A44-AB5E-09C08B55FF3F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{2308EB16-F62E-4BF0-B278-3E334EEA4724}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{2B57ED73-1888-4352-9205-C70377A3F729}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{42056D5B-038B-4731-9C44-C4003A91F01E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{43EA11F7-D883-4A8F-AE77-11FAC172D407}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{511B2131-1E47-4B96-AEE5-DD9CF4863765}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{581BE40F-8005-4BD7-9135-BDC4B6F826E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{5BAF2359-A172-4FF4-A53E-A167421E378F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{60E03551-8BD5-4EAC-8CAB-43C9DC62B78D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{615944D8-DA8E-4B70-93CC-5111AF2B6BEC}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{656B058C-BAFA-4B5F-9E78-C8B92EDF7AD1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{6D2D0537-6C7A-4933-9328-E714CBC44411}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{702FAF91-5FB1-4035-9C9C-3E588824CF52}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{8412F619-8CF0-4EBF-BE19-8D7218639EC5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{877D4558-EB7C-4FE5-B6F8-2A5338B8D50A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | "{8DEFFBAC-5F0F-4E19-850A-B36160D83480}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{9D736E65-04CC-4280-A54D-2108C2227FBD}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{A1F40BC4-7AF9-4937-9281-ADA8DDA3F8BB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{B12DB7B3-7409-4962-A075-52CDB23AEBE3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{B4456981-DADD-43D7-B8B0-2EB551CA0F46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{BE2FE07C-F2D8-4FAF-8931-698AC99DB185}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{C156E20A-15C9-4BE6-B937-7EC04637DAF9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{C2C0AAEA-4237-4B8D-8714-8A29D179315E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | "{D2078CE8-ED79-4FA3-81D3-6748EB8A4AA2}" = protocol=17 | dir=in | 
app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{D6A8F499-1CE8-4DAD-A59B-E8B20F64D295}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | "{DEA14B29-5CF8-4C05-9FC1-7168EF567423}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{E64C1880-3FFA-47BB-A937-D8AE87957F79}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | "{E7F49578-3A88-481A-B6B6-D15929674D15}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{FFCAE57D-35D6-4BC8-B0F7-0C185EF0C5D8}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "TCP Query User{0B045133-B3D9-4695-B6B4-59A9540A1CFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2AB4E9BE-9271-4493-B413-D714007E42F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2FBBBD88-6922-4166-8707-299DE6FE0AE0}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "TCP Query User{30A5FDDD-2938-4068-B959-84A2C4B4F147}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{3C21318D-5D37-4286-8D2B-AC07451039EE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{4D717057-CC0D-4409-9F97-86F8D25F89E0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{5A0AD2E3-6F22-4A49-82B6-E17992A2FCA9}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = 
protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | "TCP Query User{5A2067B2-8403-40EC-B772-B159E28A9E81}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{61D07E3B-A5BC-4FC7-90EC-356DE32AE305}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{7026D4F5-D70E-4339-8F11-2A59AB2224A2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{73C2887E-4D98-4AC0-87A3-72A109A6DF37}C:\users\***\documents\routerclient.exe" = protocol=6 | dir=in | app=c:\users\***\documents\routerclient.exe | "TCP Query User{8CB28C80-21A0-45DD-90A2-307A74352E74}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{9A796E35-7F20-4680-83F7-C0668C56A91B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{9B243E8B-08F6-42E1-8405-CC0FA23EA8DD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{BDF9E6FF-963A-477C-B9AB-BA4135BE55C8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{D7C8C4C3-FFD3-4019-A57C-A8268BA13342}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | "TCP Query User{F4772DAF-7FF2-4F0C-A60C-D42F1D227481}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | "UDP Query User{0703D69C-316E-4C7F-A48A-D866509DACB8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{0921FB2D-1E0E-4377-BAC5-80A12A00560B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | "UDP Query User{4AF33BA4-16FF-4F4A-8AC9-DB47365841EE}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{572E9803-640C-4C0D-A7E8-C1CF8CAB37A4}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | "UDP Query User{59155E06-4698-4841-8A5C-9E27830FB282}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{6C31E94B-C9BF-4E9C-8A3D-ED840D5FCC5F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{79C2DB77-62D4-41AF-950A-832CF505DC23}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{8B0F6041-E819-4C14-87A7-9F98EC82FDD5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A1F60DDC-35F8-45F7-B088-9F260693B458}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | "UDP Query User{B269A7AF-AA8E-4EF8-B9CD-789BE7CCB66B}C:\users\***\documents\routerclient.exe" = protocol=17 | dir=in | app=c:\users\***\documents\routerclient.exe | "UDP Query User{CDA62B96-4274-4FEB-9ACD-53E50A73C2AD}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | "UDP Query User{D49E3E28-CE25-4F7B-A413-82D4A912A7D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{E009E83A-B57C-44AE-BEFC-AC44AC1124BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E1BAE7D3-0A1A-4DEE-8550-E4C81A740193}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = 
protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | "UDP Query User{E50193E4-5C9C-45DA-A594-644121A9809A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{F32CA204-52DF-4EE4-A2B5-1BFF46E24201}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{F436BCCA-A001-4EC1-A446-B984C81830FE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = "{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0 "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.7 
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = 
Lexmark "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "AMP WinOFF" = AMP WinOFF "Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Beach King" = Beach King "Blender" = Blender (remove only) "CCleaner" = CCleaner "Citavi" = Citavi 2.5 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Printer and Utilities" = EPSON-Drucker-Software "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Icy Tower v1.3.1_is1" = Icy Tower v1.3.1 "InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "IrfanView" = IrfanView (remove only) "Klabutong_is1" = Klabutong v1.1 "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "LucasArts' Monkey4" = LucasArts' Monkey4 "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "NVIDIA Drivers" = NVIDIA Drivers "RealPlayer 6.0" = RealPlayer "Samplitude V8 SE D" = Samplitude V8 SE (D) "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen) "TOSHIBA Software Modem" = TOSHIBA Software Modem "Uninstall_is1" = Uninstall 1.0.0.1 "VST Bridge_is1" = VST Bridge 1.1 "Vyrox" = Vyrox "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinGimp-2.0_is1" = GIMP 2.4.5 "WinGTK-2_is1" = GTK+ 2.4.3 runtime environment "WinRAR archiver" = WinRAR "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox 
"VisualComposer 2" = Visual Composer .NET 2.0.2 "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > CCleaner hat nichts gefunden. Ich hoffe ihr könnt mir helfen. Beste Grüße. |
19.05.2010, 06:33 | #3 | |
/// Mr. Schatten | I am sending spam mail What makes you think that?
__________________Quote:
I do not consider myself responsible for evaluating log files
__________________ |
19.05.2010, 09:19 | #4 |
| I am sending spam mail Well. I often get error messages saying that certain mails, which I did not send, could not be delivered. In addition, friends have pointed out to me that lately they have repeatedly been receiving the latest Viagra recommendations or Russian chat sites from me. And I got Thunderbird directly from the Mozilla site. So it can't really be related to that. |
19.05.2010, 09:37 | #5 | ||
/// Mr. Schatten | I am sending spam mail Quote:
Quote:
But sender and recipient only need to come from a common source, i.e. someone (you or a friend) has your e-mail address and your friends' e-mail addresses on their PC, and a piece of malware has read them out. If your friends' statements are reliable and meant seriously, you should on the one hand get to grips with e-mail headers (a public analysis would always also require publishing personal data such as your e-mail address and the like <=> spam can use that as a basis too) => Reading and understanding e-mail headers, and on the other hand count on someone taking a look at your log files. Nevertheless, I would advise you to take a closer look at "your" Viagra e-mails (the header) at your friends' end, because there you should be able to determine quite easily, or at least relatively easily, whether they come from you. These days, though, it would be very unusual for your e-mail program to be abused. Spammers today generally try not to attract attention (= to be able to send for as long as possible), so it is rather unlikely that the apparent sender is also the real sender. But it is not impossible or entirely improbable; you may also have caught something "old", which an AV program really ought to detect, though.
__________________ all tips + help from all helpers come without guarantee + liability; no help via PM; this is a forum, everyone can benefit/check - nobody is free of errors; a tendency to observe the spelling rules increases the likelihood of an answer - |
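The header check recommended in the reply above, as an added example that is not part of the original thread: it walks the Received chain from the recipient's side and reports which host actually handed the message to the friend's provider. Both sample messages, all host names, domains and addresses are constructed, and the trace-line format assumed is the Postfix-style `from helo (rdns [ip]) ... by host`.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed trace format (Postfix style): from <helo> (<rdns> [<ip>]) ... by <host>
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)"
)

# Constructed sample: the friend's provider received the mail straight from a
# dial-up host; the lowest Received line was written by the sender itself.
SPOOFED = """\
Return-Path: <bounce-7731@mailer.example.net>
Received: from mx.friend-isp.example (mx.friend-isp.example [192.0.2.10])
    by mbox.friend-isp.example with ESMTP id A1; Tue, 18 May 2010 22:14:09 +0200
Received: from dsl-host-77.example.net (unknown [203.0.113.77])
    by mx.friend-isp.example with SMTP id B2; Tue, 18 May 2010 22:14:07 +0200
Received: from [10.0.0.5] (smtp.mailprovider.example [198.51.100.25])
    by smtp.mailprovider.example with ESMTPSA id F6; Tue, 18 May 2010 22:13:59 +0200
From: "Owner" <owner@mailprovider.example>
To: friend@friend-isp.example
Subject: special offer

(body omitted)
"""

# Constructed sample: the account owner really sending through the provider.
GENUINE = """\
Return-Path: <owner@mailprovider.example>
Received: from mx.friend-isp.example (mx.friend-isp.example [192.0.2.10])
    by mbox.friend-isp.example with ESMTP id C3; Tue, 18 May 2010 09:02:11 +0200
Received: from smtp.mailprovider.example (smtp.mailprovider.example [198.51.100.25])
    by mx.friend-isp.example with ESMTP id D4; Tue, 18 May 2010 09:02:10 +0200
Received: from [192.168.1.20] (dsl-host-12.example.org [198.51.100.200])
    by smtp.mailprovider.example with ESMTPSA id E5; Tue, 18 May 2010 09:02:08 +0200
From: "Owner" <owner@mailprovider.example>
To: friend@friend-isp.example
Subject: photos

(body omitted)
"""


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def domain_of(header_value):
    """Domain part of an address header, '' when the header is missing."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def handoff_hop(msg, recipient_domain):
    """Find the hop where the mail entered the recipient's provider.

    Received lines are prepended, so the newest comes first. Only lines written
    by the recipient's own servers are trusted; everything below the first
    external peer may have been invented by the sender and is ignored.
    """
    for value in msg.get_all("Received") or []:
        m = HOP_RE.search(" ".join(value.split()))
        if not m or not in_domain(m["by"], recipient_domain):
            return None  # chain cannot be verified from the recipient's side
        if not in_domain(m["rdns"], recipient_domain):
            return m.groupdict()  # external peer: this is the hand-off
    return None


def assess(raw, recipient_domain, sender_provider_domain):
    """Report whether the mail really came through the From address's provider."""
    msg = message_from_string(raw)
    hop = handoff_hop(msg, recipient_domain)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "handoff": hop,
        "sent_via_provider": bool(hop) and in_domain(hop["rdns"], sender_provider_domain),
        # Weak signal on its own: mailing lists also rewrite the envelope sender.
        "envelope_mismatch": bool(env_dom) and env_dom != from_dom,
    }


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        r = assess(raw, "friend-isp.example", "mailprovider.example")
        hop = r["handoff"]
        print(name, r["sent_via_provider"], hop["rdns"], hop["ip"], r["envelope_mismatch"])
```

The IP address in the hand-off hop is the value to compare against the account provider's outbound servers. In the spoofed sample the bottom Received line naming smtp.mailprovider.example is never consulted, because it sits below the first external peer.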