Trojaner-Board - Offen Ich verschicke Spammail

Hallo,

seit einigen Tagen verschicke ich Spammail von meinem Mail-Account. Bin ein wenig verzweifelt. AntiVir kann nichts Auffälliges finden. Habe mir vor einiger Zeit Thunderbird zugelegt. Könnte es damit zusammenhängen?

Nun ja. Hier die Informationen aus
Malwarebytes:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4113

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

19.05.2010 01:36:14
mbam-log-2010-05-19 (01-36-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117430
Laufzeit: 12 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Und OTL

Code:

OTL logfile created on: 19.05.2010 01:41:13 - Run 1

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.014,00 Mb Total Physical Memory | 239,00 Mb Available Physical Memory | 24,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 55,89 Gb Total Space | 9,69 Gb Free Space | 17,34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54,43 Gb Total Space | 44,68 Gb Free Space | 82,09% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***-PC

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()

PRC - C:\Programme\ShrewSoft\VPN Client\iked.exe ()

PRC - C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe ()

PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumsdmon.exe ()

PRC - C:\Windows\System32\lxducoms.exe ( )

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)

PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)

PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()

PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Symantec Core LC) --  File not found

SRV - (Automatisches LiveUpdate - Scheduler) --  File not found

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()

SRV - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()

SRV - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )

SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)

SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

SRV - (de_serv) -- C:\Programme\Common Files\AVM\DE_SERV.EXE (AVM Berlin)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)

DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)

DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)

DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)

DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)

DRV - (AF05BDA) -- C:\Windows\System32\drivers\AF05BDA.sys (AfaTech                  )

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2009.7.1

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {899DF1F8-2F43-4394-8315-37F6744E6319}:1.0.5

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 18:07:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.31 18:07:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.01.15 22:45:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2009.04.17 16:57:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.31 17:13:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.03.29 23:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010.03.29 23:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.05.19 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions

[2010.04.28 01:40:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.20 14:03:31 | 000,000,000 | ---D | M] (NewsFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}

[2010.01.26 19:20:26 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2009.04.06 00:21:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\khzkv7es.default\extensions\moveplayer@movenetworks.com

[2009.01.15 22:46:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\jct92j5c.default\extensions

[2010.04.07 22:58:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2009.12.07 18:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}

[2008.08.29 09:16:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org

[2010.01.25 14:20:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.01.25 14:20:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.01.25 14:20:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.01.25 14:20:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.01.25 14:20:20 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()

O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)

O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()

O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()

O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [TerraTec Remote Control] C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)

O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)

O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()

O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -  File not found

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.12.22 23:42:21 | 000,000,083 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{3d4c1e18-f5d5-11dc-a485-0016d4fd02cc}\Shell\verb1\command - "" = desktop.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.05.19 01:38:14 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2010.05.19 01:21:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2010.05.19 01:21:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.05.19 01:21:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.05.19 01:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.05.19 01:21:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.05.19 01:20:37 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe

[2010.05.19 01:10:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\51464-anleitung-ccleaner-Dateien

[2010.05.19 00:58:00 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe

[2010.05.19 00:35:34 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe

[2010.05.10 19:10:44 | 000,000,000 | ---D | C] -- C:\Programme\Teachmaster 4.3

[2010.05.09 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Vokabeln

[2009.12.28 22:02:30 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll

[2009.12.28 22:02:29 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll

[2009.12.28 22:02:29 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll

[2009.12.28 22:02:28 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll

[2009.12.28 22:02:28 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll

[2009.12.28 22:02:28 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll

[2009.12.28 22:02:28 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll

[2009.12.28 22:02:27 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll

[2009.12.28 22:02:25 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll

[2009.12.28 22:02:25 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.05.19 01:42:02 | 002,883,584 | -HS- | M] () -- C:\Users\***\NTUSER.DAT

[2010.05.19 01:39:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fsvclw.sys

[2010.05.19 01:38:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe

[2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg

[2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg

[2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg

[2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg

[2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html

[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe

[2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe

[2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job

[2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.05.19 00:07:37 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys

[2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db

[2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar

[2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk

[2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk

[2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe

[2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz

[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.05.19 01:39:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fsvclw.sys

[2010.05.19 01:21:41 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.05.19 01:18:00 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011758.reg

[2010.05.19 01:17:32 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011730.reg

[2010.05.19 01:16:29 | 000,002,100 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011627.reg

[2010.05.19 01:14:40 | 000,060,736 | ---- | C] () -- C:\Users\***\Documents\cc_20100519_011435.reg

[2010.05.19 01:10:57 | 000,055,604 | ---- | C] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html

[2010.05.12 20:51:34 | 028,053,890 | ---- | C] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar

[2010.05.10 19:42:29 | 000,000,132 | ---- | C] () -- C:\Users\***\Desktop\unidad 3.kk

[2010.05.10 19:10:45 | 000,000,905 | ---- | C] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk

[2010.05.10 19:10:16 | 000,933,622 | ---- | C] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe

[2010.05.09 22:17:54 | 000,001,278 | ---- | C] () -- C:\Users\***\Documents\Unidad 3.pau.gz

[2010.04.19 15:35:12 | 000,114,313 | ---- | C] () -- C:\Users\***\Desktop\Tanzarchiv.pdf

[2009.12.28 22:11:27 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll

[2009.12.28 22:09:25 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll

[2009.12.28 22:06:55 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll

[2009.12.28 22:06:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll

[2009.12.28 22:06:54 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll

[2009.12.28 22:03:47 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini

[2009.12.28 22:02:30 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll

[2009.12.28 22:02:26 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll

[2009.12.22 23:41:43 | 000,081,920 | ---- | C] () -- C:\Windows\asr3232.dll

[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest

[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest

[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008.09.30 19:06:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2008.09.30 18:58:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini

[2007.10.03 22:28:24 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll

[2007.10.03 22:28:23 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll

[2007.09.06 21:29:45 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2007.09.02 01:45:33 | 000,172,032 | ---- | C] () -- C:\Windows\System32\tifmicon.dll

[2007.09.02 01:45:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll

[2007.09.02 01:45:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll

[2007.09.02 01:45:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007.09.02 01:45:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll

[2007.08.20 17:29:29 | 000,823,808 | ---- | C] () -- C:\Windows\System32\libxml2.dll.off

[2007.08.20 17:29:29 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll.off

[2007.08.20 17:29:29 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll.off

[2007.08.20 17:29:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll.off

[2007.07.08 17:05:23 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI

[2007.03.14 10:34:13 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2007.03.13 13:03:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2007.03.13 13:03:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2007.03.13 13:03:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2007.03.13 13:03:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2007.03.13 13:03:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2007.03.13 13:03:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007.03.13 12:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2007.03.13 12:31:43 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2007.03.13 12:31:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2007.03.13 12:31:43 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2007.03.13 12:31:43 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2006.12.05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006.11.24 08:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2005.11.23 15:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 

[2010.05.19 01:45:42 | 000,000,000 | R--D | M] -- C:\Users\***\Desktop

[2010.05.19 01:42:02 | 002,883,584 | -HS- | M] () -- C:\Users\***\NTUSER.DAT

[2010.05.19 01:42:02 | 000,262,144 | -H-- | M] () -- C:\Users\***\ntuser.dat.LOG1

[2010.05.19 01:38:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2010.05.19 01:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Local\Temp

[2010.05.19 01:21:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2010.05.19 01:21:43 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.05.19 01:21:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes

[2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe

[2010.05.19 01:20:37 | 000,000,000 | R--D | M] -- C:\Users\***\Documents

[2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg

[2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg

[2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg

[2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg

[2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html

[2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe

[2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe

[2010.05.19 00:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job

[2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db

[2010.05.18 12:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2

[2010.05.18 12:05:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Lx_cats

[2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar

[2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk

[2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk

[2010.05.10 19:10:45 | 000,000,000 | ---D | M] -- C:\Programme\Teachmaster 4.3

[2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe

[2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz

[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010.04.30 12:38:46 | 000,000,000 | R--D | M] -- C:\Users\***\Music

[2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.04.27 12:26:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexmark 5600-6600 Series

[2010.04.26 00:12:44 | 000,000,000 | R--D | M] -- C:\Users\***\Downloads

[2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.05.19 01:42:02 | 002,883,584 | -HS- | M] () -- C:\Users\***\NTUSER.DAT

[2010.05.19 01:39:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fsvclw.sys

[2010.05.19 01:38:22 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2010.05.19 01:21:41 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.05.19 01:20:45 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Documents\mbam-setup.exe

[2010.05.19 01:18:01 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011758.reg

[2010.05.19 01:17:40 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011730.reg

[2010.05.19 01:16:32 | 000,002,100 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011627.reg

[2010.05.19 01:14:54 | 000,060,736 | ---- | M] () -- C:\Users\***\Documents\cc_20100519_011435.reg

[2010.05.19 01:11:02 | 000,055,604 | ---- | M] () -- C:\Users\***\Desktop\51464-anleitung-ccleaner.html

[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.05.19 01:07:51 | 000,005,056 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.05.19 00:58:03 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\***\Documents\ccsetup231.exe

[2010.05.19 00:35:42 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Documents\HiJackThis.exe

[2010.05.19 00:14:32 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{102961D4-B19D-43EE-9063-54F4E8709B09}.job

[2010.05.19 00:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.05.19 00:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.05.19 00:07:37 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys

[2010.05.18 12:59:25 | 002,951,872 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db

[2010.05.12 20:54:37 | 028,053,890 | ---- | M] () -- C:\Users\***\Documents\Die_drei_Fragezeichen_-_Der_Todesflug.rar

[2010.05.10 19:42:29 | 000,000,132 | ---- | M] () -- C:\Users\***\Desktop\unidad 3.kk

[2010.05.10 19:10:45 | 000,000,905 | ---- | M] () -- C:\Users\***\Desktop\Teachmaster 4.3.lnk

[2010.05.10 19:10:19 | 000,933,622 | ---- | M] () -- C:\Users\***\Documents\teachmaster_4-3_setup.exe

[2010.05.09 22:17:55 | 000,001,278 | ---- | M] () -- C:\Users\***\Documents\Unidad 3.pau.gz

[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010.04.29 15:22:24 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.04.29 15:22:24 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.04.29 15:22:24 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.04.29 15:22:24 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.04.29 15:22:24 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.04.19 15:35:12 | 000,114,313 | ---- | M] () -- C:\Users\***\Desktop\Tanzarchiv.pdf

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 

< End of report >

Teil 2

----> im nächsten thread

Der erste Teil meine Frage steht wohl hier drunter

Code:

OTL Extras logfile created on: 19.05.2010 01:41:14 - Run 1

OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.17037)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.014,00 Mb Total Physical Memory | 239,00 Mb Available Physical Memory | 24,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 55,89 Gb Total Space | 9,69 Gb Free Space | 17,34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 54,43 Gb Total Space | 44,68 Gb Free Space | 82,09% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***-PC

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{391EDCFB-7A79-43FD-8C7C-8B6CB2930541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{3E0B7280-C497-4677-ACCA-92F7A8379C5C}" = lport=2869 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02C024DA-7FEF-40A8-A97E-6A1D0AC95E92}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 

"{149C314E-B405-4E04-81B8-93BD892E3C0F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{21D06E25-B76F-4A44-AB5E-09C08B55FF3F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 

"{2308EB16-F62E-4BF0-B278-3E334EEA4724}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 

"{2B57ED73-1888-4352-9205-C70377A3F729}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{42056D5B-038B-4731-9C44-C4003A91F01E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{43EA11F7-D883-4A8F-AE77-11FAC172D407}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{511B2131-1E47-4B96-AEE5-DD9CF4863765}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{581BE40F-8005-4BD7-9135-BDC4B6F826E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{5BAF2359-A172-4FF4-A53E-A167421E378F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{60E03551-8BD5-4EAC-8CAB-43C9DC62B78D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{615944D8-DA8E-4B70-93CC-5111AF2B6BEC}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 

"{656B058C-BAFA-4B5F-9E78-C8B92EDF7AD1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{6D2D0537-6C7A-4933-9328-E714CBC44411}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{702FAF91-5FB1-4035-9C9C-3E588824CF52}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{8412F619-8CF0-4EBF-BE19-8D7218639EC5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 

"{877D4558-EB7C-4FE5-B6F8-2A5338B8D50A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 

"{8DEFFBAC-5F0F-4E19-850A-B36160D83480}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 

"{9D736E65-04CC-4280-A54D-2108C2227FBD}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 

"{A1F40BC4-7AF9-4937-9281-ADA8DDA3F8BB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 

"{B12DB7B3-7409-4962-A075-52CDB23AEBE3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 

"{B4456981-DADD-43D7-B8B0-2EB551CA0F46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 

"{BE2FE07C-F2D8-4FAF-8931-698AC99DB185}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 

"{C156E20A-15C9-4BE6-B937-7EC04637DAF9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 

"{C2C0AAEA-4237-4B8D-8714-8A29D179315E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 

"{D2078CE8-ED79-4FA3-81D3-6748EB8A4AA2}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{D6A8F499-1CE8-4DAD-A59B-E8B20F64D295}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 

"{DEA14B29-5CF8-4C05-9FC1-7168EF567423}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 

"{E64C1880-3FFA-47BB-A937-D8AE87957F79}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 

"{E7F49578-3A88-481A-B6B6-D15929674D15}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 

"{FFCAE57D-35D6-4BC8-B0F7-0C185EF0C5D8}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"TCP Query User{0B045133-B3D9-4695-B6B4-59A9540A1CFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{2AB4E9BE-9271-4493-B413-D714007E42F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{2FBBBD88-6922-4166-8707-299DE6FE0AE0}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 

"TCP Query User{30A5FDDD-2938-4068-B959-84A2C4B4F147}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"TCP Query User{3C21318D-5D37-4286-8D2B-AC07451039EE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"TCP Query User{4D717057-CC0D-4409-9F97-86F8D25F89E0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{5A0AD2E3-6F22-4A49-82B6-E17992A2FCA9}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 

"TCP Query User{5A2067B2-8403-40EC-B772-B159E28A9E81}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 

"TCP Query User{61D07E3B-A5BC-4FC7-90EC-356DE32AE305}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 

"TCP Query User{7026D4F5-D70E-4339-8F11-2A59AB2224A2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 

"TCP Query User{73C2887E-4D98-4AC0-87A3-72A109A6DF37}C:\users\***\documents\routerclient.exe" = protocol=6 | dir=in | app=c:\users\***\documents\routerclient.exe | 

"TCP Query User{8CB28C80-21A0-45DD-90A2-307A74352E74}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{9A796E35-7F20-4680-83F7-C0668C56A91B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{9B243E8B-08F6-42E1-8405-CC0FA23EA8DD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{BDF9E6FF-963A-477C-B9AB-BA4135BE55C8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 

"TCP Query User{D7C8C4C3-FFD3-4019-A57C-A8268BA13342}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | 

"TCP Query User{F4772DAF-7FF2-4F0C-A60C-D42F1D227481}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 

"UDP Query User{0703D69C-316E-4C7F-A48A-D866509DACB8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 

"UDP Query User{0921FB2D-1E0E-4377-BAC5-80A12A00560B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{4AF33BA4-16FF-4F4A-8AC9-DB47365841EE}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 

"UDP Query User{572E9803-640C-4C0D-A7E8-C1CF8CAB37A4}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 

"UDP Query User{59155E06-4698-4841-8A5C-9E27830FB282}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 

"UDP Query User{6C31E94B-C9BF-4E9C-8A3D-ED840D5FCC5F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"UDP Query User{79C2DB77-62D4-41AF-950A-832CF505DC23}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{8B0F6041-E819-4C14-87A7-9F98EC82FDD5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{A1F60DDC-35F8-45F7-B088-9F260693B458}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | 

"UDP Query User{B269A7AF-AA8E-4EF8-B9CD-789BE7CCB66B}C:\users\***\documents\routerclient.exe" = protocol=17 | dir=in | app=c:\users\***\documents\routerclient.exe | 

"UDP Query User{CDA62B96-4274-4FEB-9ACD-53E50A73C2AD}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 

"UDP Query User{D49E3E28-CE25-4F7B-A413-82D4A912A7D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{E009E83A-B57C-44AE-BEFC-AC44AC1124BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{E1BAE7D3-0A1A-4DEE-8550-E4C81A740193}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 

"UDP Query User{E50193E4-5C9C-45DA-A594-644121A9809A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"UDP Query User{F32CA204-52DF-4EE4-A2B5-1BFF46E24201}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{F436BCCA-A001-4EC1-A446-B984C81830FE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = 

"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6

"{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.7

"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3

"AMP WinOFF" = AMP WinOFF

"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"Beach King" = Beach King

"Blender" = Blender (remove only)

"CCleaner" = CCleaner

"Citavi" = Citavi 2.5

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1

"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"IrfanView" = IrfanView (remove only)

"Klabutong_is1" = Klabutong v1.1

"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series

"LucasArts' Monkey4" = LucasArts' Monkey4

"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)

"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)

"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)

"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)

"NVIDIA Drivers" = NVIDIA Drivers

"RealPlayer 6.0" = RealPlayer

"Samplitude V8 SE D" = Samplitude V8 SE (D)

"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows

"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"Uninstall_is1" = Uninstall 1.0.0.1

"VST Bridge_is1" = VST Bridge 1.1

"Vyrox" = Vyrox

"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe

"WinGimp-2.0_is1" = GIMP 2.4.5

"WinGTK-2_is1" = GTK+ 2.4.3 runtime environment

"WinRAR archiver" = WinRAR

"Zattoo" = Zattoo 3.3.4 Beta

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"VisualComposer 2" = Visual Composer .NET 2.0.2

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 
 

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{391EDCFB-7A79-43FD-8C7C-8B6CB2930541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{3E0B7280-C497-4677-ACCA-92F7A8379C5C}" = lport=2869 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02C024DA-7FEF-40A8-A97E-6A1D0AC95E92}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 

"{149C314E-B405-4E04-81B8-93BD892E3C0F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{21D06E25-B76F-4A44-AB5E-09C08B55FF3F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 

"{2308EB16-F62E-4BF0-B278-3E334EEA4724}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 

"{2B57ED73-1888-4352-9205-C70377A3F729}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{42056D5B-038B-4731-9C44-C4003A91F01E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{43EA11F7-D883-4A8F-AE77-11FAC172D407}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{511B2131-1E47-4B96-AEE5-DD9CF4863765}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{71b65a83-57c8-434a-b68d-599dcbc6c1cf}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{581BE40F-8005-4BD7-9135-BDC4B6F826E8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{5BAF2359-A172-4FF4-A53E-A167421E378F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{60E03551-8BD5-4EAC-8CAB-43C9DC62B78D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{615944D8-DA8E-4B70-93CC-5111AF2B6BEC}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 

"{656B058C-BAFA-4B5F-9E78-C8B92EDF7AD1}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{9694fd3a-75c9-4de6-bc96-28d8ed0901d7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{6D2D0537-6C7A-4933-9328-E714CBC44411}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{0f7f3571-1f4a-413b-8722-cd19ccd0476b}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{702FAF91-5FB1-4035-9C9C-3E588824CF52}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{89532db1-61db-4a45-b0fe-3e561668a1c3}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{8412F619-8CF0-4EBF-BE19-8D7218639EC5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 

"{877D4558-EB7C-4FE5-B6F8-2A5338B8D50A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 

"{8DEFFBAC-5F0F-4E19-850A-B36160D83480}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 

"{9D736E65-04CC-4280-A54D-2108C2227FBD}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 

"{A1F40BC4-7AF9-4937-9281-ADA8DDA3F8BB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 

"{B12DB7B3-7409-4962-A075-52CDB23AEBE3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 

"{B4456981-DADD-43D7-B8B0-2EB551CA0F46}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 

"{BE2FE07C-F2D8-4FAF-8931-698AC99DB185}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 

"{C156E20A-15C9-4BE6-B937-7EC04637DAF9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 

"{C2C0AAEA-4237-4B8D-8714-8A29D179315E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 

"{D2078CE8-ED79-4FA3-81D3-6748EB8A4AA2}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"{D6A8F499-1CE8-4DAD-A59B-E8B20F64D295}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 

"{DEA14B29-5CF8-4C05-9FC1-7168EF567423}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 

"{E64C1880-3FFA-47BB-A937-D8AE87957F79}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 

"{E7F49578-3A88-481A-B6B6-D15929674D15}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 

"{FFCAE57D-35D6-4BC8-B0F7-0C185EF0C5D8}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\{ab8e9209-1682-4ec9-9273-3c0ad36b6468}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 

"TCP Query User{0B045133-B3D9-4695-B6B4-59A9540A1CFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{2AB4E9BE-9271-4493-B413-D714007E42F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{2FBBBD88-6922-4166-8707-299DE6FE0AE0}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 

"TCP Query User{30A5FDDD-2938-4068-B959-84A2C4B4F147}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"TCP Query User{3C21318D-5D37-4286-8D2B-AC07451039EE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"TCP Query User{4D717057-CC0D-4409-9F97-86F8D25F89E0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{5A0AD2E3-6F22-4A49-82B6-E17992A2FCA9}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 

"TCP Query User{5A2067B2-8403-40EC-B772-B159E28A9E81}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 

"TCP Query User{61D07E3B-A5BC-4FC7-90EC-356DE32AE305}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 

"TCP Query User{7026D4F5-D70E-4339-8F11-2A59AB2224A2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 

"TCP Query User{73C2887E-4D98-4AC0-87A3-72A109A6DF37}C:\users\***\documents\routerclient.exe" = protocol=6 | dir=in | app=c:\users\***\documents\routerclient.exe | 

"TCP Query User{8CB28C80-21A0-45DD-90A2-307A74352E74}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{9A796E35-7F20-4680-83F7-C0668C56A91B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{9B243E8B-08F6-42E1-8405-CC0FA23EA8DD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{BDF9E6FF-963A-477C-B9AB-BA4135BE55C8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 

"TCP Query User{D7C8C4C3-FFD3-4019-A57C-A8268BA13342}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | 

"TCP Query User{F4772DAF-7FF2-4F0C-A60C-D42F1D227481}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 

"UDP Query User{0703D69C-316E-4C7F-A48A-D866509DACB8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 

"UDP Query User{0921FB2D-1E0E-4377-BAC5-80A12A00560B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{4AF33BA4-16FF-4F4A-8AC9-DB47365841EE}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 

"UDP Query User{572E9803-640C-4C0D-A7E8-C1CF8CAB37A4}C:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\temp1_dhcpfind.zip\dhcpfind.exe | 

"UDP Query User{59155E06-4698-4841-8A5C-9E27830FB282}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 

"UDP Query User{6C31E94B-C9BF-4E9C-8A3D-ED840D5FCC5F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"UDP Query User{79C2DB77-62D4-41AF-950A-832CF505DC23}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{8B0F6041-E819-4C14-87A7-9F98EC82FDD5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{A1F60DDC-35F8-45F7-B088-9F260693B458}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | 

"UDP Query User{B269A7AF-AA8E-4EF8-B9CD-789BE7CCB66B}C:\users\***\documents\routerclient.exe" = protocol=17 | dir=in | app=c:\users\***\documents\routerclient.exe | 

"UDP Query User{CDA62B96-4274-4FEB-9ACD-53E50A73C2AD}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe | 

"UDP Query User{D49E3E28-CE25-4F7B-A413-82D4A912A7D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{E009E83A-B57C-44AE-BEFC-AC44AC1124BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{E1BAE7D3-0A1A-4DEE-8550-E4C81A740193}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 

"UDP Query User{E50193E4-5C9C-45DA-A594-644121A9809A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 

"UDP Query User{F32CA204-52DF-4EE4-A2B5-1BFF46E24201}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{F436BCCA-A001-4EC1-A446-B984C81830FE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" = 

"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6

"{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.7

"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3

"AMP WinOFF" = AMP WinOFF

"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"Beach King" = Beach King

"Blender" = Blender (remove only)

"CCleaner" = CCleaner

"Citavi" = Citavi 2.5

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1

"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"IrfanView" = IrfanView (remove only)

"Klabutong_is1" = Klabutong v1.1

"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series

"LucasArts' Monkey4" = LucasArts' Monkey4

"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)

"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)

"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)

"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)

"NVIDIA Drivers" = NVIDIA Drivers

"RealPlayer 6.0" = RealPlayer

"Samplitude V8 SE D" = Samplitude V8 SE (D)

"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows

"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"Uninstall_is1" = Uninstall 1.0.0.1

"VST Bridge_is1" = VST Bridge 1.1

"Vyrox" = Vyrox

"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe

"WinGimp-2.0_is1" = GIMP 2.4.5

"WinGTK-2_is1" = GTK+ 2.4.3 runtime environment

"WinRAR archiver" = WinRAR

"Zattoo" = Zattoo 3.3.4 Beta

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"VisualComposer 2" = Visual Composer .NET 2.0.2

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

CCleaner hat nichts gefunden.

Ich hoffe ihr könnt mir helfen.

Beste Grüße.