TR/Meredrop.A.5772

Hello, AntiVir has found a trojan and now I don't know how to get rid of it. Can anyone help me? I have included the log files: OTL, extra, Avira!

OTL logfile:
OTL logfile created on: 10.04.2011 21:59:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,89 Gb Total Space | 28,81 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive E: | 72,68 Gb Total Space | 14,72 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
Drive F: | 669,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
========== Processes (SafeList) ==========
PRC - [2011.04.10 21:42:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe
PRC - [2011.03.18 12:57:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.11 13:46:35 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.11 13:46:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010.10.18 21:15:07 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008.03.03 15:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008.01.28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.03.29 11:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbccoms.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
========== Modules (SafeList) ==========
MOD - [2011.04.10 21:42:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe
MOD - [2008.01.19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service)
SRV - [2011.03.18 12:57:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.11 13:46:35 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010.11.11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010.11.11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.08.13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.11.09 15:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.11.09 15:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.10.10 10:44:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.05 17:04:12 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)
SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:43 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2007.08.01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.03.29 11:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbccoms.exe -- (lxbc_device)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
========== Driver Services (SafeList) ==========
DRV - [2011.03.18 12:57:21 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.11 13:46:36 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.07.26 20:49:45 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.07.26 20:48:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.07.26 20:48:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.03.03 15:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 07:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.07.27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007.06.19 09:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007.06.01 13:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006.12.06 01:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.10.30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 6080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 6080
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 13:28:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.10 09:34:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010.10.07 20:53:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011.03.10 09:34:33 | 000,000,000 | ---D | M]
[2010.05.14 14:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susann\AppData\Roaming\mozilla\Extensions
[2010.05.14 14:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susann\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.04.09 22:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susann\AppData\Roaming\mozilla\Firefox\Profiles\rdmiy0rc.default\extensions
[2010.05.30 13:08:31 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Susann\AppData\Roaming\mozilla\Firefox\Profiles\rdmiy0rc.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011.04.09 22:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.06 14:35:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.06 14:35:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [0x017] File not found
O4 - Startup: C:\Users\Susann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - Reg Error: Key error. File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (MetaStreamCtl Class)
O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} hxxp://www3.snapfish.de/SnapfishActivia3.cab (Snapfish Activia3)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1211448055 (Image Uploader Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17d3dd40-5f4b-11df-b56e-00038a000015}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{2e91a941-ba54-11de-aeb1-00038a000015}\Shell\AutoRun\command - "" = G:\installer.exe
O33 - MountPoints2\{9d2a71b8-e1a8-11dd-925b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2a71b8-e1a8-11dd-925b-00038a000015}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9d2a720c-e1a8-11dd-925b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2a720c-e1a8-11dd-925b-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ad36e6e7-02fe-11de-ab58-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ad36e6e7-02fe-11de-ab58-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{cd29e791-4b19-11dd-8b73-00038a000015}\Shell\AutoRun\command - "" = D:\starter.exe
O33 - MountPoints2\{d467c00a-69f5-11de-9803-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d467c00a-69f5-11de-9803-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2011.04.10 21:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.10 21:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.04.10 21:42:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Susann\Desktop\Erunt-setup.exe
[2011.04.10 21:42:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe
[2011.04.10 21:42:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Susann\Desktop\TFC.exe
[2011.04.10 07:54:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.10 07:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.10 07:54:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.10 07:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.09 22:05:35 | 000,000,000 | ---D | C] -- C:\Users\Susann\AppData\Roaming\Avira
[2011.04.09 15:57:46 | 000,000,000 | ---D | C] -- C:\Users\Susann\Documents\Web Creator
[2011.03.31 14:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
[2011.03.31 14:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter
[2011.03.30 06:19:12 | 000,000,000 | ---D | C] -- C:\Users\Susann\Documents\WP_000002
[2011.03.28 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901
[2009.05.15 20:29:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeCBCD.dll
[2008.12.21 18:23:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Susann\AppData\Roaming\pcouffin.sys
[2008.05.20 19:37:51 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2008.05.20 19:37:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2008.05.20 19:37:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2008.05.20 19:37:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2008.05.20 19:37:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2008.05.20 19:37:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2008.05.20 19:37:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2008.05.20 19:37:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2008.05.20 19:37:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[2008.05.20 19:37:47 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2008.05.20 19:37:47 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2008.05.20 19:37:46 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2008.05.20 19:37:45 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2008.05.20 19:37:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2008.05.20 19:37:45 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
========== Files - Modified Within 14 Days ==========
[2011.04.10 22:03:33 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{41BCEC00-6076-4D3E-B508-98F337E631E7}.job
[2011.04.10 22:00:41 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.10 21:58:43 | 000,352,614 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.04.10 21:57:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.10 21:57:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.10 21:57:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.10 21:57:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.10 21:57:24 | 2009,157,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.10 21:53:59 | 000,663,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.10 21:53:59 | 000,623,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.10 21:53:59 | 000,136,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.10 21:53:59 | 000,112,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.10 21:48:14 | 000,000,878 | ---- | M] () -- C:\Users\Susann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.10 21:48:11 | 000,000,698 | ---- | M] () -- C:\Users\Susann\Desktop\NTREGOPT.lnk
[2011.04.10 21:48:11 | 000,000,679 | ---- | M] () -- C:\Users\Susann\Desktop\ERUNT.lnk
[2011.04.10 21:42:46 | 000,301,568 | ---- | M] () -- C:\Users\Susann\Desktop\g2m3e4r.exe
[2011.04.10 21:42:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Susann\Desktop\Erunt-setup.exe
[2011.04.10 21:42:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\TFC.exe
[2011.04.10 21:42:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe
[2011.04.10 21:20:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.10 19:57:10 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.04.10 19:57:10 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2011.04.10 19:43:48 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.04.10 07:54:05 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.09 22:15:27 | 000,000,953 | ---- | M] () -- C:\Users\Susann\Desktop\Web Creator 3.lnk
[2011.04.08 13:13:00 | 000,143,715 | ---- | M] () -- C:\Users\Susann\Documents\vog9143483.pdf
[2011.04.04 21:43:39 | 000,015,708 | ---- | M] () -- C:\Users\Susann\Documents\überweisungen.odt
[2011.04.04 20:58:25 | 000,087,201 | ---- | M] () -- C:\Users\Susann\Documents\Sgiend0400111040411120.pdf
[2011.04.03 12:13:08 | 000,019,659 | ---- | M] () -- C:\Users\Susann\AppData\Local\internal.grp
[2011.03.31 14:15:23 | 000,040,625 | ---- | M] () -- C:\Users\Susann\kaufvertrag.pdf
[2011.03.31 14:10:12 | 000,000,827 | ---- | M] () -- C:\Users\Susann\Desktop\Free PDF to Word Doc Converter.lnk
[2011.03.30 06:19:12 | 001,828,356 | ---- | M] () -- C:\Users\Susann\Documents\WP_000002.zip
[2011.03.30 05:55:58 | 196,104,213 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.28 22:52:29 | 000,032,673 | ---- | M] () -- C:\Users\Susann\vollmacht_2005.pdf
[2011.03.28 22:47:17 | 000,028,867 | ---- | M] () -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.pdf
[2011.03.28 22:46:12 | 000,033,033 | ---- | M] () -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.zip
[2011.03.28 09:23:00 | 000,000,680 | ---- | M] () -- C:\Users\Susann\AppData\Local\d3d9caps.dat
========== Files Created - No Company Name ==========
[2011.04.10 21:48:14 | 000,000,878 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.10 21:48:11 | 000,000,698 | ---- | C] () -- C:\Users\Susann\Desktop\NTREGOPT.lnk
[2011.04.10 21:48:11 | 000,000,679 | ---- | C] () -- C:\Users\Susann\Desktop\ERUNT.lnk
[2011.04.10 21:42:30 | 000,301,568 | ---- | C] () -- C:\Users\Susann\Desktop\g2m3e4r.exe
[2011.04.10 19:57:10 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2011.04.10 19:57:10 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2011.04.10 07:54:05 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.09 22:15:27 | 000,000,953 | ---- | C] () -- C:\Users\Susann\Desktop\Web Creator 3.lnk
[2011.04.08 13:12:57 | 000,143,715 | ---- | C] () -- C:\Users\Susann\Documents\vog9143483.pdf
[2011.04.04 21:42:13 | 000,015,708 | ---- | C] () -- C:\Users\Susann\Documents\überweisungen.odt
[2011.04.04 20:58:23 | 000,087,201 | ---- | C] () -- C:\Users\Susann\Documents\Sgiend0400111040411120.pdf
[2011.03.31 14:15:22 | 000,040,625 | ---- | C] () -- C:\Users\Susann\kaufvertrag.pdf
[2011.03.31 14:10:12 | 000,000,827 | ---- | C] () -- C:\Users\Susann\Desktop\Free PDF to Word Doc Converter.lnk
[2011.03.30 06:18:44 | 001,828,356 | ---- | C] () -- C:\Users\Susann\Documents\WP_000002.zip
[2011.03.28 22:52:29 | 000,032,673 | ---- | C] () -- C:\Users\Susann\vollmacht_2005.pdf
[2011.03.28 22:47:17 | 000,028,867 | ---- | C] () -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.pdf
[2011.03.28 22:46:10 | 000,033,033 | ---- | C] () -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.zip
[2010.09.29 13:43:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.08.23 11:12:47 | 000,019,659 | ---- | C] () -- C:\Users\Susann\AppData\Local\internal.grp
[2010.08.23 11:08:05 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI
[2010.08.23 10:54:09 | 000,004,753 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.04.11 18:22:15 | 000,000,121 | ---- | C] () -- C:\Windows\Winamp.ini
[2010.03.17 20:27:27 | 000,087,184 | ---- | C] () -- C:\Windows\NSUninst.exe
[2010.03.17 20:27:05 | 000,087,184 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2010.03.17 20:27:03 | 000,009,606 | ---- | C] () -- C:\Windows\mozver.dat
[2009.07.22 16:18:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.04.05 18:26:14 | 003,361,136 | ---- | C] () -- C:\Program Files\pplivesetup_1.9.23.exe
[2009.02.24 19:22:10 | 000,057,763 | ---- | C] () -- C:\Program Files\anmeldung_2008.pdf
[2009.02.19 16:15:02 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.26 17:46:49 | 029,066,112 | ---- | C] () -- C:\Program Files\TE4XP_Trial_4.6.3.268_setup_de.exe
[2008.12.21 18:26:12 | 000,000,671 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\vso_ts_preview.xml
[2008.12.21 18:23:54 | 000,087,608 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\inst.exe
[2008.12.21 18:23:54 | 000,007,887 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\pcouffin.cat
[2008.12.21 18:23:53 | 000,001,144 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\pcouffin.inf
[2008.09.23 10:10:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.23 10:10:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.07 13:56:46 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2008.07.03 22:56:12 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.07.01 12:15:37 | 000,000,680 | ---- | C] () -- C:\Users\Susann\AppData\Local\d3d9caps.dat
[2008.06.22 14:50:13 | 000,000,016 | -H-- | C] () -- C:\Users\Susann\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.06.22 14:50:13 | 000,000,016 | -H-- | C] () -- C:\Users\Susann\AppData\Local\mxfilerelatedcache.mxc2
[2008.06.12 17:15:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008.06.12 17:15:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008.06.12 17:15:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008.06.12 17:15:40 | 000,049,152 | ---- | C] () -- C:\Windows\VFind.exe
[2008.06.12 11:19:21 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.06.10 13:38:19 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008.06.10 13:38:18 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008.06.10 13:38:18 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008.06.10 13:38:18 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008.06.10 13:38:18 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008.06.10 13:38:18 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.06.05 06:46:44 | 000,000,094 | ---- | C] () -- C:\Users\Susann\AppData\Local\fusioncache.dat
[2008.05.31 13:57:35 | 000,000,343 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008.05.28 13:04:31 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.05.20 19:37:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2008.05.20 19:37:51 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2008.05.15 17:33:35 | 000,002,779 | ---- | C] () -- C:\Windows\tm.ini
[2008.04.08 08:54:12 | 000,167,275 | ---- | C] () -- C:\Program Files\rechnung öl.xps
[2008.04.07 09:56:39 | 002,782,994 | ---- | C] () -- C:\Program Files\DeepBurner19.exe
[2008.03.15 15:00:43 | 000,000,311 | ---- | C] () -- C:\Windows\pdf2word.INI
[2008.03.14 10:48:31 | 000,024,206 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\UserTile.png
[2008.03.04 13:50:39 | 000,000,245 | ---- | C] () -- C:\Windows\BUHL.INI
[2008.03.04 12:57:34 | 000,000,633 | ---- | C] () -- C:\Windows\wiso.ini
[2008.02.11 23:36:22 | 000,000,039 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\AVSDVDPlayer.m3u
[2008.01.22 20:30:27 | 000,243,200 | ---- | C] () -- C:\Users\Susann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 16:08:59 | 113,658,554 | ---- | C] () -- C:\Program Files\OOo_2.3.1_Win32Intel_install_de.exe
[2008.01.09 12:52:58 | 000,796,048 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll
[2008.01.09 12:40:06 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.08 20:16:02 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.09.14 10:27:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.09.14 10:12:14 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.09.14 10:00:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.09.14 10:00:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.09.14 10:00:46 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.09.14 10:00:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.09.14 09:59:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.09.14 09:59:38 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.09.14 09:59:38 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.09.14 09:59:38 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.09.14 09:59:38 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.09.14 09:59:38 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.09.14 09:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007.09.14 09:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007.09.14 09:40:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.09.14 08:25:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.14 08:24:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.09.14 08:24:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.09.14 08:23:59 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:33:31 | 000,663,006 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,136,050 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,295,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,623,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,112,302 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.22 21:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1996.08.22 03:07:02 | 000,000,640 | ---- | C] () -- C:\Windows\TBINSDT.DAT
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 10.04.2011 21:59:53 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Susann\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,89 Gb Total Space | 28,81 Gb Free Space | 38,46% Space Free | Partition Type: NTFS
Drive E: | 72,68 Gb Total Space | 14,72 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
Drive F: | 669,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3360111819-2263618658-1332504136-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"systenn.exe" = C:\windows\systenn.exe
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30A2B623-674A-42B3-B8E3-0D933527B868}" = lport=137 | protocol=17 | dir=in | app=system |
"{3132DF9E-03B4-4825-827C-D549640BE97B}" = lport=138 | protocol=17 | dir=in | app=system |
"{3D5D851B-754A-4772-A615-27988C4F6A03}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D6625F8-6F7E-45D8-B578-8EBD2A50818D}" = rport=138 | protocol=17 | dir=out | app=system |
"{42081C80-9875-4074-9864-C5E1346380A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{7A6280AE-421E-4364-98CC-3F1C391FED1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7A9C53CE-0092-447B-85CB-61FF22E1DE22}" = lport=139 | protocol=6 | dir=in | app=system |
"{B337163A-D901-49EE-972F-878F4EF87784}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{BCAD06FD-7CEB-422B-AEC0-C63CBA369DBD}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0778833-6CFD-4D39-9D00-0B98DA07DDA1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9A0036B-20C0-4255-84CB-5E2E3F842407}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E34FDE-18A1-48B4-BC10-5CFD2154B467}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{172F4723-64F5-42A6-AEE6-DE7BE9142968}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{1DEDC93A-0555-4A16-AAC9-9BB02E7A2EB0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1FF923A9-EE67-456A-B6D0-DD7DFA3E9C80}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{24A89DCD-D559-4390-ADF7-CA3A606401BC}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{24B2FC84-C6D8-45C3-8EC0-5EB7BE7E7701}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{2CDBF62E-007B-439D-BA04-6D1A4A96CF79}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{308A0276-CF53-4BB2-9B68-E1F7E3E3C181}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{35306BE2-70D9-4CC9-B77B-F2500FAA4880}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{3B0ECA59-C4BC-4375-B40D-5846BB06597F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D54378E-0E72-43D2-83DE-31EC69107F5D}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{402C5A27-F4D2-4E37-86D7-97375DA196EA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1199816171\ee\aolsoftware.exe |
"{4B81009B-F4BA-43F6-938E-79733FE25E63}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{5454707C-3726-4549-BE72-A13E745EA083}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{56F2EC18-CCF8-4D4B-854E-4051E60EBF97}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{5FA8BDBD-9F68-452E-A51D-6FBDBBA672C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6489DCE9-F311-48D0-9E27-1D1B964B7B56}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1199816171\ee\aolsoftware.exe |
"{69479054-940C-4DB9-B1FC-D630557C06E3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{6BB2C04F-BC5F-45DE-A644-4C794B046B70}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{6F1DE195-125B-4525-9F46-C31E76D43A98}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{7991B07D-23F4-4CA5-99EE-B8820AE58C95}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7C0F198A-1048-4E12-A5D0-79294D05CCAA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{7CA58D73-527E-469E-A569-CA6F8AC07B5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{813DB451-C147-47BB-95BE-90B2C97DEE47}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{8B524476-AC73-4681-B937-946978FFC401}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{93326E4A-212D-4956-8211-688DA0EBCBF9}" = protocol=17 | dir=in | app=c:\users\susann\appdata\roaming\dropbox\bin\dropbox.exe |
"{957C71FF-57DC-4EB2-AC3D-29B5F0963FDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97136286-6785-4EAD-822F-22B949D37D86}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{9DC0FD6B-02C5-4090-BC4B-57D63CD0FD72}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{9EBBC401-3917-45E4-94A6-287D99A32C6D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A193B8E6-A99B-4808-8A4F-455A9BF64DA8}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{A3010856-3964-442C-AEE2-D33093AB49BD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B0992DE4-7636-43AF-BA29-5AF36672D66B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B49D00C1-4110-4C64-B4DA-621C2A1D7DFB}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{BFB3F9B4-A936-4E09-AAA0-DE013384C688}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{C031F72A-172D-4343-9553-FCEE3DC46DB5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{CACA90E3-497B-4EEA-ABF6-D6964AB10176}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{CB1E1004-E32C-4F5C-A1FC-8F7CA7AD8B6A}" = protocol=6 | dir=in | app=c:\users\susann\appdata\roaming\dropbox\bin\dropbox.exe |
"{D38E3764-5175-4968-9149-16E1BF77B24B}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{D3F30AC7-2F66-44BF-911A-BFCE9D7A12F7}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{DB1E069A-CA74-41E3-89BF-3DFFD361765F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{DD8212AF-24E4-46F4-A572-95BDD858F684}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{DFA263E9-7B26-4789-BB6D-CDDF451CE8B7}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{E2C4C8E7-6384-48D8-AEBF-986CC107B784}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{E3D9E956-33FC-48B6-990A-C0CD54BF23F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{EEF0A9FF-A7BF-493E-A502-54C46A9F6B57}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{FC1A901F-B417-4D46-B540-90D58676DB44}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai
"{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian
"{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation
"{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU)
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard
"{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2D7D9D86-923A-41A8-919F-437332AB1031}" = Nero 7 Ultra Edition
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.009.00
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian
"{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese
"{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese
"{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard
"{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish
"{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{78DB08B0-F440-4BA6-9372-F2C6CC9721B7}" = Microsoft LifeCam
"{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot
"{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish
"{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French
"{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3
"{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish
"{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6E91710-5BF5-43C5-AB81-C3E488133346}" = Sony Ericsson Drivers
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek
"{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese
"{DCAD9BFC-47A4-414F-95BC-F9B8D68D036A}" = TSUNAMI-MPEG DVD Author PRO
"{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.13
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch
"{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static
"{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DeInst_d2vexcrd C:/Program Files/Top50 V4" = Top50 Viewer basierend auf Geogrid®-Viewer Version 2.2
"EOS USB WIA Driver" = EOS USB WIA Driver
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Geogrid_DynPerspView" = Geogrid® DynPerspView
"Google Updater" = Google Updater
"GPS-Track-Analyse.NET_is1" = 5.0.1
"GXTranscoder_is1" = GX::Transcoder v5.0
"Hessen 3D" = Hessen 3D
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot 1.0
"InstallShield_{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Java Web Start" = Java Web Start
"JLC's Internet TV" = JLC's Internet TV
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"LMSOFT Web Creator 3" = LMSOFT Web Creator 3
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Netscape (7.1)" = Netscape (7.1)
"Netzmanager" = Netzmanager
"QuickPar" = QuickPar 0.9
"Secure Eraser_is1" = Secure Eraser v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"Text To PDF Converter v1.5_is1" = Text To PDF Converter v1.5
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Update Service" = Update Service
"UseNeXT_is1" = UseNeXT
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Visual LightBox" = Visual LightBox
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.4.4
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm
"Zune" = Zune
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
--- --- ---
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 10. April 2011 21:24
Es wird nach 2537417 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ****- PC
Versionsinformationen:
BUILD.DAT : 10.0.0.635 31822 Bytes 07.03.2011 12:02:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 11.12.2010 11:46:32
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 11:42:16
LUKE.DLL : 10.0.3.2 104296 Bytes 11.12.2010 11:46:35
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:38:17
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:05:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 09:51:53
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 20:07:00
VBASE004.VDF : 7.11.5.226 2048 Bytes 07.04.2011 20:07:00
VBASE005.VDF : 7.11.5.227 2048 Bytes 07.04.2011 20:07:01
VBASE006.VDF : 7.11.5.228 2048 Bytes 07.04.2011 20:07:01
VBASE007.VDF : 7.11.5.229 2048 Bytes 07.04.2011 20:07:01
VBASE008.VDF : 7.11.5.230 2048 Bytes 07.04.2011 20:07:01
VBASE009.VDF : 7.11.5.231 2048 Bytes 07.04.2011 20:07:01
VBASE010.VDF : 7.11.5.232 2048 Bytes 07.04.2011 20:07:01
VBASE011.VDF : 7.11.5.233 2048 Bytes 07.04.2011 20:07:01
VBASE012.VDF : 7.11.5.234 2048 Bytes 07.04.2011 20:07:01
VBASE013.VDF : 7.11.5.235 2048 Bytes 07.04.2011 20:07:02
VBASE014.VDF : 7.11.5.236 2048 Bytes 07.04.2011 20:07:02
VBASE015.VDF : 7.11.5.237 2048 Bytes 07.04.2011 20:07:02
VBASE016.VDF : 7.11.5.238 2048 Bytes 07.04.2011 20:07:02
VBASE017.VDF : 7.11.5.239 2048 Bytes 07.04.2011 20:07:02
VBASE018.VDF : 7.11.5.240 2048 Bytes 07.04.2011 20:07:02
VBASE019.VDF : 7.11.5.241 2048 Bytes 07.04.2011 20:07:02
VBASE020.VDF : 7.11.5.242 2048 Bytes 07.04.2011 20:07:03
VBASE021.VDF : 7.11.5.243 2048 Bytes 07.04.2011 20:07:03
VBASE022.VDF : 7.11.5.244 2048 Bytes 07.04.2011 20:07:03
VBASE023.VDF : 7.11.5.245 2048 Bytes 07.04.2011 20:07:03
VBASE024.VDF : 7.11.5.246 2048 Bytes 07.04.2011 20:07:03
VBASE025.VDF : 7.11.5.247 2048 Bytes 07.04.2011 20:07:03
VBASE026.VDF : 7.11.5.248 2048 Bytes 07.04.2011 20:07:03
VBASE027.VDF : 7.11.5.249 2048 Bytes 07.04.2011 20:07:04
VBASE028.VDF : 7.11.5.250 2048 Bytes 07.04.2011 20:07:04
VBASE029.VDF : 7.11.5.251 2048 Bytes 07.04.2011 20:07:04
VBASE030.VDF : 7.11.5.252 2048 Bytes 07.04.2011 20:07:04
VBASE031.VDF : 7.11.6.19 95744 Bytes 08.04.2011 20:07:05
Engineversion : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 11.12.2010 11:46:30
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 04.04.2011 15:36:28
AESCN.DLL : 8.1.7.2 127349 Bytes 11.12.2010 11:46:29
AESBX.DLL : 8.1.3.2 254324 Bytes 11.12.2010 11:46:30
AERDL.DLL : 8.1.9.9 639347 Bytes 31.03.2011 07:42:39
AEPACK.DLL : 8.2.6.0 549237 Bytes 09.04.2011 20:07:26
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 04.04.2011 15:35:43
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 09.04.2011 20:07:22
AEHELP.DLL : 8.1.16.1 246134 Bytes 23.02.2011 09:52:14
AEGEN.DLL : 8.1.5.4 397684 Bytes 04.04.2011 15:34:15
AEEMU.DLL : 8.1.3.0 393589 Bytes 11.12.2010 11:46:27
AECORE.DLL : 8.1.20.2 196982 Bytes 09.04.2011 20:07:07
AEBB.DLL : 8.1.1.0 53618 Bytes 11.12.2010 11:46:26
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 11:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 11:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 16:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11.12.2010 11:46:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 11.12.2010 11:46:32
AVARKT.DLL : 10.0.22.6 231784 Bytes 11.12.2010 11:46:30
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 09:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 12:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 15:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 14:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 11.12.2010 11:46:17
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e83b7b8\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Sonntag, 10. April 2011 21:24
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TosCoSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TODDSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TNaviSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMSAccessU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxbccoms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IGDCTRL.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AOLAcsd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynToshiba.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZuneLauncher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'E:\Videos\wizard\incl-crack\Web Creator Pro v4 0 0 5 Multilangages Incl-Crack.exe'
E:\Videos\wizard\incl-crack\Web Creator Pro v4 0 0 5 Multilangages Incl-Crack.exe
[FUND] Ist das Trojanische Pferd TR/Meredrop.A.5772
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b32a548.qua' verschoben!
Ende des Suchlaufs: Sonntag, 10. April 2011 21:25
Benötigte Zeit: 00:26 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
63 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
62 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.