Log analysis and evaluation: TR/Meredrop.A.5772
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.04.2011, 22:13 | #1 |
TR/Meredrop.A.5772
Hello, AntiVir has found a trojan and now I don't know how to get rid of it. Can anyone help me? I have included the log files: OTL, extra, Avira!
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 10.04.2011 21:59:53 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,89 Gb Total Space | 28,81 Gb Free Space | 38,46% Space Free | Partition Type: NTFS Drive E: | 72,68 Gb Total Space | 14,72 Gb Free Space | 20,25% Space Free | Partition Type: NTFS Drive F: | 669,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days ========== Processes (SafeList) ========== PRC - [2011.04.10 21:42:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe PRC - [2011.03.18 12:57:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.11 13:46:35 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.11 13:46:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe PRC - [2010.10.18 21:15:07 | 000,134,808 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE PRC - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.14 11:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2008.03.03 15:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\ZoneAlarm\zlclient.exe PRC - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2008.01.28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) 
-- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.08.01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007.03.29 11:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbccoms.exe PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (SafeList) ========== MOD - [2011.04.10 21:42:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe MOD - [2008.01.19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service) SRV - [2011.03.18 12:57:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.11 13:46:35 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- 
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2010.11.11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2010.11.11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2010.08.13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009.11.09 15:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009.11.09 15:20:24 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.10.10 10:44:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.05 17:04:12 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService) SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2008.03.03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2008.01.28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:43 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2007.08.01 14:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007.03.29 11:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbccoms.exe -- (lxbc_device) SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program 
Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Driver Services (SafeList) ========== DRV - [2011.03.18 12:57:21 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.11 13:46:36 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.07.26 20:49:45 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.07.26 20:48:02 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.07.26 20:48:02 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- 
(s0017mdm) DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV 
- [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.03.03 15:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2008.01.19 07:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007.07.27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2007.06.19 09:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM) DRV - [2007.06.01 13:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex) DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N) DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I) DRV - [2006.12.06 01:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.10.30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.09 15:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 6080 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 6080 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 13:28:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.10 09:34:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010.10.07 20:53:06 | 
000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011.03.10 09:34:33 | 000,000,000 | ---D | M] [2010.05.14 14:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susann\AppData\Roaming\mozilla\Extensions [2010.05.14 14:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susann\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.04.09 22:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susann\AppData\Roaming\mozilla\Firefox\Profiles\rdmiy0rc.default\extensions [2010.05.30 13:08:31 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Susann\AppData\Roaming\mozilla\Firefox\Profiles\rdmiy0rc.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2011.04.09 22:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.03.06 14:35:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.06 14:35:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [0x017] File not found O4 - Startup: C:\Users\Susann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - Reg Error: Key error. File not found O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (MetaStreamCtl Class) O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} hxxp://www3.snapfish.de/SnapfishActivia3.cab (Snapfish Activia3) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} 
hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1211448055 (Image Uploader Control) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Java Plug-in 1.4.1_02) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.2 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{17d3dd40-5f4b-11df-b56e-00038a000015}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe O33 - MountPoints2\{2e91a941-ba54-11de-aeb1-00038a000015}\Shell\AutoRun\command - "" = G:\installer.exe O33 - MountPoints2\{9d2a71b8-e1a8-11dd-925b-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{9d2a71b8-e1a8-11dd-925b-00038a000015}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{9d2a720c-e1a8-11dd-925b-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{9d2a720c-e1a8-11dd-925b-00038a000015}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ad36e6e7-02fe-11de-ab58-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ad36e6e7-02fe-11de-ab58-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{cd29e791-4b19-11dd-8b73-00038a000015}\Shell\AutoRun\command - "" = D:\starter.exe O33 - MountPoints2\{d467c00a-69f5-11de-9803-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d467c00a-69f5-11de-9803-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2011.04.10 21:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.10 21:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011.04.10 21:42:30 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Susann\Desktop\Erunt-setup.exe [2011.04.10 21:42:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe [2011.04.10 21:42:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- 
C:\Users\Susann\Desktop\TFC.exe [2011.04.10 07:54:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.10 07:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.10 07:54:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.10 07:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.09 22:05:35 | 000,000,000 | ---D | C] -- C:\Users\Susann\AppData\Roaming\Avira [2011.04.09 15:57:46 | 000,000,000 | ---D | C] -- C:\Users\Susann\Documents\Web Creator [2011.03.31 14:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter [2011.03.31 14:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Doc Converter [2011.03.30 06:19:12 | 000,000,000 | ---D | C] -- C:\Users\Susann\Documents\WP_000002 [2011.03.28 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901 [2009.05.15 20:29:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeCBCD.dll [2008.12.21 18:23:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Susann\AppData\Roaming\pcouffin.sys [2008.05.20 19:37:51 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll [2008.05.20 19:37:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll [2008.05.20 19:37:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll [2008.05.20 19:37:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll [2008.05.20 19:37:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll [2008.05.20 19:37:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll [2008.05.20 19:37:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll [2008.05.20 19:37:49 | 000,163,840 | ---- | C] ( ) -- 
C:\Windows\System32\lxbcprox.dll [2008.05.20 19:37:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll [2008.05.20 19:37:47 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll [2008.05.20 19:37:47 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe [2008.05.20 19:37:46 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe [2008.05.20 19:37:45 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll [2008.05.20 19:37:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll [2008.05.20 19:37:45 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe ========== Files - Modified Within 14 Days ========== [2011.04.10 22:03:33 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{41BCEC00-6076-4D3E-B508-98F337E631E7}.job [2011.04.10 22:00:41 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.10 21:58:43 | 000,352,614 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2011.04.10 21:57:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.10 21:57:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.10 21:57:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.10 21:57:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.10 21:57:24 | 2009,157,632 | -HS- | M] () -- C:\hiberfil.sys [2011.04.10 21:53:59 | 000,663,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.10 21:53:59 | 000,623,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.10 21:53:59 | 000,136,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.10 21:53:59 | 000,112,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.10 21:48:14 | 000,000,878 | ---- | M] () -- 
C:\Users\Susann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.04.10 21:48:11 | 000,000,698 | ---- | M] () -- C:\Users\Susann\Desktop\NTREGOPT.lnk [2011.04.10 21:48:11 | 000,000,679 | ---- | M] () -- C:\Users\Susann\Desktop\ERUNT.lnk [2011.04.10 21:42:46 | 000,301,568 | ---- | M] () -- C:\Users\Susann\Desktop\g2m3e4r.exe [2011.04.10 21:42:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Susann\Desktop\Erunt-setup.exe [2011.04.10 21:42:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\TFC.exe [2011.04.10 21:42:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Susann\Desktop\OTL.exe [2011.04.10 21:20:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.10 19:57:10 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2011.04.10 19:57:10 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for [2011.04.10 19:43:48 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.04.10 07:54:05 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.09 22:15:27 | 000,000,953 | ---- | M] () -- C:\Users\Susann\Desktop\Web Creator 3.lnk [2011.04.08 13:13:00 | 000,143,715 | ---- | M] () -- C:\Users\Susann\Documents\vog9143483.pdf [2011.04.04 21:43:39 | 000,015,708 | ---- | M] () -- C:\Users\Susann\Documents\überweisungen.odt [2011.04.04 20:58:25 | 000,087,201 | ---- | M] () -- C:\Users\Susann\Documents\Sgiend0400111040411120.pdf [2011.04.03 12:13:08 | 000,019,659 | ---- | M] () -- C:\Users\Susann\AppData\Local\internal.grp [2011.03.31 14:15:23 | 000,040,625 | ---- | M] () -- C:\Users\Susann\kaufvertrag.pdf [2011.03.31 14:10:12 | 000,000,827 | ---- | M] () -- C:\Users\Susann\Desktop\Free PDF to Word Doc Converter.lnk [2011.03.30 06:19:12 | 001,828,356 | ---- | M] () -- C:\Users\Susann\Documents\WP_000002.zip [2011.03.30 05:55:58 | 196,104,213 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.28 22:52:29 | 
000,032,673 | ---- | M] () -- C:\Users\Susann\vollmacht_2005.pdf [2011.03.28 22:47:17 | 000,028,867 | ---- | M] () -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.pdf [2011.03.28 22:46:12 | 000,033,033 | ---- | M] () -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.zip [2011.03.28 09:23:00 | 000,000,680 | ---- | M] () -- C:\Users\Susann\AppData\Local\d3d9caps.dat ========== Files Created - No Company Name ========== [2011.04.10 21:48:14 | 000,000,878 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.04.10 21:48:11 | 000,000,698 | ---- | C] () -- C:\Users\Susann\Desktop\NTREGOPT.lnk [2011.04.10 21:48:11 | 000,000,679 | ---- | C] () -- C:\Users\Susann\Desktop\ERUNT.lnk [2011.04.10 21:42:30 | 000,301,568 | ---- | C] () -- C:\Users\Susann\Desktop\g2m3e4r.exe [2011.04.10 19:57:10 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn [2011.04.10 19:57:10 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for [2011.04.10 07:54:05 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.09 22:15:27 | 000,000,953 | ---- | C] () -- C:\Users\Susann\Desktop\Web Creator 3.lnk [2011.04.08 13:12:57 | 000,143,715 | ---- | C] () -- C:\Users\Susann\Documents\vog9143483.pdf [2011.04.04 21:42:13 | 000,015,708 | ---- | C] () -- C:\Users\Susann\Documents\überweisungen.odt [2011.04.04 20:58:23 | 000,087,201 | ---- | C] () -- C:\Users\Susann\Documents\Sgiend0400111040411120.pdf [2011.03.31 14:15:22 | 000,040,625 | ---- | C] () -- C:\Users\Susann\kaufvertrag.pdf [2011.03.31 14:10:12 | 000,000,827 | ---- | C] () -- C:\Users\Susann\Desktop\Free PDF to Word Doc Converter.lnk [2011.03.30 06:18:44 | 001,828,356 | ---- | C] () -- C:\Users\Susann\Documents\WP_000002.zip [2011.03.28 22:52:29 | 000,032,673 | ---- | C] () -- C:\Users\Susann\vollmacht_2005.pdf [2011.03.28 22:47:17 | 000,028,867 | ---- | C] () -- 
C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.pdf [2011.03.28 22:46:10 | 000,033,033 | ---- | C] () -- C:\Users\Susann\Documents\kf05DE035080___2011032822443202606766901.zip [2010.09.29 13:43:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.08.23 11:12:47 | 000,019,659 | ---- | C] () -- C:\Users\Susann\AppData\Local\internal.grp [2010.08.23 11:08:05 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI [2010.08.23 10:54:09 | 000,004,753 | ---- | C] () -- C:\Windows\ULEAD32.INI [2010.04.11 18:22:15 | 000,000,121 | ---- | C] () -- C:\Windows\Winamp.ini [2010.03.17 20:27:27 | 000,087,184 | ---- | C] () -- C:\Windows\NSUninst.exe [2010.03.17 20:27:05 | 000,087,184 | ---- | C] () -- C:\Windows\GREUninstall.exe [2010.03.17 20:27:03 | 000,009,606 | ---- | C] () -- C:\Windows\mozver.dat [2009.07.22 16:18:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.04.05 18:26:14 | 003,361,136 | ---- | C] () -- C:\Program Files\pplivesetup_1.9.23.exe [2009.02.24 19:22:10 | 000,057,763 | ---- | C] () -- C:\Program Files\anmeldung_2008.pdf [2009.02.19 16:15:02 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.01.26 17:46:49 | 029,066,112 | ---- | C] () -- C:\Program Files\TE4XP_Trial_4.6.3.268_setup_de.exe [2008.12.21 18:26:12 | 000,000,671 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\vso_ts_preview.xml [2008.12.21 18:23:54 | 000,087,608 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\inst.exe [2008.12.21 18:23:54 | 000,007,887 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\pcouffin.cat [2008.12.21 18:23:53 | 000,001,144 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\pcouffin.inf [2008.09.23 10:10:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.23 10:10:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.07 13:56:46 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2008.07.03 22:56:12 | 
000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.07.01 12:15:37 | 000,000,680 | ---- | C] () -- C:\Users\Susann\AppData\Local\d3d9caps.dat [2008.06.22 14:50:13 | 000,000,016 | -H-- | C] () -- C:\Users\Susann\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.06.22 14:50:13 | 000,000,016 | -H-- | C] () -- C:\Users\Susann\AppData\Local\mxfilerelatedcache.mxc2 [2008.06.12 17:15:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2008.06.12 17:15:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2008.06.12 17:15:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2008.06.12 17:15:40 | 000,049,152 | ---- | C] () -- C:\Windows\VFind.exe [2008.06.12 11:19:21 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll [2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.06.10 13:38:19 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll [2008.06.10 13:38:18 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe [2008.06.10 13:38:18 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe [2008.06.10 13:38:18 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe [2008.06.10 13:38:18 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe [2008.06.10 13:38:18 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.06.05 06:46:44 | 000,000,094 | ---- | C] () -- C:\Users\Susann\AppData\Local\fusioncache.dat [2008.05.31 13:57:35 | 000,000,343 | ---- | C] () -- C:\Windows\Lexstat.ini [2008.05.28 13:04:31 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini [2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.05.20 19:37:52 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll [2008.05.20 19:37:51 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll [2008.05.15 17:33:35 | 000,002,779 | ---- | C] () -- C:\Windows\tm.ini [2008.04.08 08:54:12 | 000,167,275 | ---- | C] () -- C:\Program Files\rechnung öl.xps [2008.04.07 
09:56:39 | 002,782,994 | ---- | C] () -- C:\Program Files\DeepBurner19.exe [2008.03.15 15:00:43 | 000,000,311 | ---- | C] () -- C:\Windows\pdf2word.INI [2008.03.14 10:48:31 | 000,024,206 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\UserTile.png [2008.03.04 13:50:39 | 000,000,245 | ---- | C] () -- C:\Windows\BUHL.INI [2008.03.04 12:57:34 | 000,000,633 | ---- | C] () -- C:\Windows\wiso.ini [2008.02.11 23:36:22 | 000,000,039 | ---- | C] () -- C:\Users\Susann\AppData\Roaming\AVSDVDPlayer.m3u [2008.01.22 20:30:27 | 000,243,200 | ---- | C] () -- C:\Users\Susann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.18 16:08:59 | 113,658,554 | ---- | C] () -- C:\Program Files\OOo_2.3.1_Win32Intel_install_de.exe [2008.01.09 12:52:58 | 000,796,048 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll [2008.01.09 12:40:06 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.08 20:16:02 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007.09.14 10:27:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.09.14 10:12:14 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007.09.14 10:00:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007.09.14 10:00:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007.09.14 10:00:46 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007.09.14 10:00:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007.09.14 09:59:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.09.14 09:59:38 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.09.14 09:59:38 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.09.14 09:59:38 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.09.14 09:59:38 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.09.14 09:59:38 | 000,020,480 | ---- | C] () -- 
C:\Windows\System32\IVIresize.dll [2007.09.14 09:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2007.09.14 09:44:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2007.09.14 09:40:24 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.09.14 08:25:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.09.14 08:24:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.09.14 08:24:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.09.14 08:23:59 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll [2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 17:33:31 | 000,663,006 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,136,050 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,295,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,623,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,112,302 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- 
C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.12.22 21:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini [2005.10.25 14:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [1996.08.22 03:07:02 | 000,000,640 | ---- | C] () -- C:\Windows\TBINSDT.DAT < End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 10.04.2011 21:59:53 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Susann\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,89 Gb Total Space | 28,81 Gb Free Space | 38,46% Space Free | Partition Type: NTFS Drive E: | 72,68 Gb Total Space | 14,72 Gb Free Space | 20,25% Space Free | Partition Type: NTFS Drive F: | 669,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg 
Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3360111819-2263618658-1332504136-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "systenn.exe" = C:\windows\systenn.exe ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{30A2B623-674A-42B3-B8E3-0D933527B868}" = lport=137 | protocol=17 | dir=in | app=system | "{3132DF9E-03B4-4825-827C-D549640BE97B}" = lport=138 | protocol=17 | dir=in | app=system | "{3D5D851B-754A-4772-A615-27988C4F6A03}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3D6625F8-6F7E-45D8-B578-8EBD2A50818D}" = rport=138 | protocol=17 | dir=out | app=system | "{42081C80-9875-4074-9864-C5E1346380A4}" = rport=137 | protocol=17 | dir=out | app=system | "{7A6280AE-421E-4364-98CC-3F1C391FED1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7A9C53CE-0092-447B-85CB-61FF22E1DE22}" = lport=139 | protocol=6 | dir=in | app=system | "{B337163A-D901-49EE-972F-878F4EF87784}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{BCAD06FD-7CEB-422B-AEC0-C63CBA369DBD}" = lport=445 | protocol=6 | dir=in | app=system | "{E0778833-6CFD-4D39-9D00-0B98DA07DDA1}" = rport=445 | protocol=6 | dir=out | app=system | "{F9A0036B-20C0-4255-84CB-5E2E3F842407}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E34FDE-18A1-48B4-BC10-5CFD2154B467}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{172F4723-64F5-42A6-AEE6-DE7BE9142968}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{1DEDC93A-0555-4A16-AAC9-9BB02E7A2EB0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{1FF923A9-EE67-456A-B6D0-DD7DFA3E9C80}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{24A89DCD-D559-4390-ADF7-CA3A606401BC}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{24B2FC84-C6D8-45C3-8EC0-5EB7BE7E7701}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{2CDBF62E-007B-439D-BA04-6D1A4A96CF79}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | "{308A0276-CF53-4BB2-9B68-E1F7E3E3C181}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{35306BE2-70D9-4CC9-B77B-F2500FAA4880}" = protocol=17 | dir=in | 
app=c:\program files\common files\aol\acs\aoldial.exe | "{3B0ECA59-C4BC-4375-B40D-5846BB06597F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3D54378E-0E72-43D2-83DE-31EC69107F5D}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{402C5A27-F4D2-4E37-86D7-97375DA196EA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1199816171\ee\aolsoftware.exe | "{4B81009B-F4BA-43F6-938E-79733FE25E63}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | "{5454707C-3726-4549-BE72-A13E745EA083}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | "{56F2EC18-CCF8-4D4B-854E-4051E60EBF97}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{5FA8BDBD-9F68-452E-A51D-6FBDBBA672C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6489DCE9-F311-48D0-9E27-1D1B964B7B56}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1199816171\ee\aolsoftware.exe | "{69479054-940C-4DB9-B1FC-D630557C06E3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{6BB2C04F-BC5F-45DE-A644-4C794B046B70}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{6F1DE195-125B-4525-9F46-C31E76D43A98}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{7991B07D-23F4-4CA5-99EE-B8820AE58C95}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{7C0F198A-1048-4E12-A5D0-79294D05CCAA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{7CA58D73-527E-469E-A569-CA6F8AC07B5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{813DB451-C147-47BB-95BE-90B2C97DEE47}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{8B524476-AC73-4681-B937-946978FFC401}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{93326E4A-212D-4956-8211-688DA0EBCBF9}" = protocol=17 | 
dir=in | app=c:\users\susann\appdata\roaming\dropbox\bin\dropbox.exe | "{957C71FF-57DC-4EB2-AC3D-29B5F0963FDA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97136286-6785-4EAD-822F-22B949D37D86}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{9DC0FD6B-02C5-4090-BC4B-57D63CD0FD72}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe | "{9EBBC401-3917-45E4-94A6-287D99A32C6D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{A193B8E6-A99B-4808-8A4F-455A9BF64DA8}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{A3010856-3964-442C-AEE2-D33093AB49BD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{B0992DE4-7636-43AF-BA29-5AF36672D66B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B49D00C1-4110-4C64-B4DA-621C2A1D7DFB}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{BFB3F9B4-A936-4E09-AAA0-DE013384C688}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{C031F72A-172D-4343-9553-FCEE3DC46DB5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{CACA90E3-497B-4EEA-ABF6-D6964AB10176}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{CB1E1004-E32C-4F5C-A1FC-8F7CA7AD8B6A}" = protocol=6 | dir=in | app=c:\users\susann\appdata\roaming\dropbox\bin\dropbox.exe | "{D38E3764-5175-4968-9149-16E1BF77B24B}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{D3F30AC7-2F66-44BF-911A-BFCE9D7A12F7}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{DB1E069A-CA74-41E3-89BF-3DFFD361765F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | "{DD8212AF-24E4-46F4-A572-95BDD858F684}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{DFA263E9-7B26-4789-BB6D-CDDF451CE8B7}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe | "{E2C4C8E7-6384-48D8-AEBF-986CC107B784}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{E3D9E956-33FC-48B6-990A-C0CD54BF23F7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{EEF0A9FF-A7BF-493E-A502-54C46A9F6B57}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{FC1A901F-B417-4D46-B540-90D58676DB44}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009 "{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai "{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian "{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation "{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{17B2670B-DB33-4F5E-9273-0E5CDF39DA5F}" = Windows Phone Intro Video (DEU) "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR 
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard "{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German "{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component "{2D7D9D86-923A-41A8-919F-437332AB1031}" = Nero 7 Ultra Edition "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.009.00 "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian "{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager "{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian "{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4 "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese "{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional "{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher "{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese "{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime "{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard "{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish "{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune 
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver "{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{78DB08B0-F440-4BA6-9372-F2C6CC9721B7}" = Microsoft LifeCam "{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0 "{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot "{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional 
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish "{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2 "{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French "{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3 "{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish "{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup "{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune 
Language Pack (ITA) "{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6E91710-5BF5-43C5-AB81-C3E488133346}" = Sony Ericsson Drivers "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek "{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese "{DCAD9BFC-47A4-414F-95BC-F9B8D68D036A}" = TSUNAMI-MPEG DVD Author PRO "{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.13 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch "{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static "{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0 "{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02 "{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help 
"{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "AOL Deinstallation" = AOL Deinstallation "AOL Installations-Manager" = AOL Installations-Manager "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DeInst_d2vexcrd C:/Program Files/Top50 V4" = Top50 Viewer basierend auf Geogrid®-Viewer Version 2.2 "EOS USB WIA Driver" = EOS USB WIA Driver "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.3.4.1 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Geogrid_DynPerspView" = Geogrid® DynPerspView "Google Updater" = Google Updater "GPS-Track-Analyse.NET_is1" = 5.0.1 "GXTranscoder_is1" = GX::Transcoder v5.0 "Hessen 3D" = Hessen 3D "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows 
Mobility Center "InstallShield_{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot 1.0 "InstallShield_{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "IrfanView" = IrfanView (remove only) "Java Web Start" = Java Web Start "JLC's Internet TV" = JLC's Internet TV "KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard "Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series "LMSOFT Web Creator 3" = LMSOFT Web Creator 3 "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D) "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Netscape (7.1)" = Netscape (7.1) "Netzmanager" = Netzmanager "QuickPar" = QuickPar 0.9 "Secure Eraser_is1" = Secure Eraser v2.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 6" = TeamViewer 6 "Text To PDF Converter v1.5_is1" = Text To PDF Converter v1.5 "TomTom HOME" = TomTom HOME 2.7.3.1894 "TOSHIBA Software Modem" = TOSHIBA Software Modem "Update Service" = Update Service "UseNeXT_is1" = UseNeXT "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only) "Visual LightBox" = Visual LightBox "VLC media player" = VideoLAN VLC media player 0.8.6d "Winamp" = Winamp (remove only) "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinGimp-2.0_is1" = GIMP 2.4.4 "WinRAR archiver" = WinRAR "ZoneAlarm" = ZoneAlarm "Zune" = Zune ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors 
========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 10. April 2011 21:24
Es wird nach 2537417 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ****- PC

Versionsinformationen:

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e83b7b8\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Sonntag, 10. April 2011 21:24

Der Suchlauf über gestartete Prozesse wird begonnen:

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'E:\Videos\wizard\incl-crack\Web Creator Pro v4 0 0 5 Multilangages Incl-Crack.exe'
E:\Videos\wizard\incl-crack\Web Creator Pro v4 0 0 5 Multilangages Incl-Crack.exe
[FUND] Ist das Trojanische Pferd TR/Meredrop.A.5772
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b32a548.qua' verschoben!

Ende des Suchlaufs: Sonntag, 10. April 2011 21:25
Benötigte Zeit: 00:26 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
63 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
62 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt. |
11.04.2011, 08:16 | #2 | ||
| TR/Meredrop.A.5772 Hi
__________________Quote:
Quote:
http://www.trojaner-board.de/51262-a...sicherung.html
If not, you should give a little more thought to how you use the Internet. In other words, you should change your browsing habits.
EDIT: Sorry, it was a crack.
Regards
__________________ |