Received a virus warning from web.de, login then blocked

Good morning,

the day before yesterday my access to web.de was blocked with the notice "virus warning", because I suddenly received an endless number of spam mails. I then scanned everything and viruses were indeed found. Unfortunately I had already deleted them before I came across this forum. Now I am worried that my computer might not be clean yet. I have run OTL and Gmer. Can someone help me with this? I don't dare go on the Internet (I am at a different computer right now). Many thanks in advance for the help.

OTL.TXT:

OTL logfile created on: 9/20/2012 8:00:54 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Heike\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.87 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.40% Memory free
5.73 Gb Paging File | 4.25 Gb Available in Paging File | 74.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 142.51 Gb Free Space | 33.56% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.12 Gb Free Space | 52.80% Space Free | Partition Type: NTFS
Drive F: | 122.71 Mb Total Space | 91.79 Mb Free Space | 74.80% Space Free | Partition Type: FAT

Computer Name: MAMAHEIKE-PC | User Name: Mama Heike | Logged in as Administrator.
HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyOvs5mY0&i=26 IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKCU\..\SearchScopes\{F5C40006-0789-44AC-B709-3C1C69DBEAED}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb128?a=6OyOvs5mY0&i=26" FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2 FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1466 FF - prefs.js..extensions.enabledItems: 
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6OyOvs5mY0&&i=26&search=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2011/07/09 20:12:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/27 19:26:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/09/05 20:46:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/09/18 17:37:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 18:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/10 18:42:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/27 19:26:14 | 000,000,000 | ---D | M] [2012/09/05 19:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama Heike\AppData\Roaming\mozilla\Extensions [2012/09/18 17:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama Heike\AppData\Roaming\mozilla\Firefox\Profiles\jypnab52.default\extensions [2012/08/19 11:32:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mama Heike\AppData\Roaming\mozilla\Firefox\Profiles\jypnab52.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/09/06 19:35:17 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Mama 
Heike\AppData\Roaming\mozilla\Firefox\Profiles\jypnab52.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011/08/20 14:56:36 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Mama Heike\AppData\Roaming\mozilla\Firefox\Profiles\jypnab52.default\extensions\ffxtlbr@babylon.com [2012/09/18 17:37:55 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Mama Heike\AppData\Roaming\mozilla\Firefox\Profiles\jypnab52.default\extensions\ffxtlbr@incredibar.com [2012/09/18 17:37:14 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Mama Heike\AppData\Roaming\mozilla\Firefox\Profiles\jypnab52.default\extensions\OneClickDownload@OneClickDownload.com [2012/09/18 17:37:23 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Mama Heike\AppData\Roaming\mozilla\Firefox\Profiles\jypnab52.default\extensions\plugin@yontoo.com [2012/09/05 18:58:10 | 000,002,400 | ---- | M] () -- C:\Users\Mama Heike\AppData\Roaming\Mozilla\Firefox\Profiles\jypnab52.default\searchplugins\askcom.xml [2012/09/18 17:37:38 | 000,002,203 | ---- | M] () -- C:\Users\Mama Heike\AppData\Roaming\Mozilla\Firefox\Profiles\jypnab52.default\searchplugins\MyStart Search.xml [2012/08/17 10:21:21 | 000,002,519 | ---- | M] () -- C:\Users\Mama Heike\AppData\Roaming\Mozilla\Firefox\Profiles\jypnab52.default\searchplugins\Search_Results.xml [2011/09/06 19:35:10 | 000,003,915 | ---- | M] () -- C:\Users\Mama Heike\AppData\Roaming\Mozilla\Firefox\Profiles\jypnab52.default\searchplugins\sweetim.xml [2012/09/10 18:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/08/24 13:03:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/09/10 18:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions [2012/09/10 18:42:53 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@web.de 
[2012/09/05 20:46:46 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2011/07/27 19:26:14 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION [2011/07/09 20:12:48 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\VODAFONE\VODAFONE MOBILE BROADBAND\OPTIMIZATION CLIENT\ADDON [2012/08/25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/07/20 18:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll [2012/08/25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/22 16:19:05 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/08/25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/08/25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/08/25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/08/17 10:21:21 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012/08/25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/08/25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll () O2 - BHO: (Spybot-S&D 
IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\Public\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) 
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [NapsterShell] C:\Users\Public\Programme\napster.exe (Napster) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Users\Public\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [tunebite.exe] C:\Program Files\Tunebite\tunebite.exe (RapidSolution Software AG) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Mama Heike\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mama Heike\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\Public\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2D8900-E8AB-4BC1-9EEF-2C1F60ADF1E4}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{57500806-bcea-11df-924b-1c4bd6e50b25}\Shell - "" = AutoRun O33 - MountPoints2\{57500806-bcea-11df-924b-1c4bd6e50b25}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{5750080c-bcea-11df-924b-1c4bd6e50b25}\Shell - "" = AutoRun O33 - MountPoints2\{5750080c-bcea-11df-924b-1c4bd6e50b25}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{7154d752-c4ef-11e0-b5ae-00262dc04d51}\Shell - "" = AutoRun O33 - MountPoints2\{7154d752-c4ef-11e0-b5ae-00262dc04d51}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{7154d754-c4ef-11e0-b5ae-00262dc04d51}\Shell - "" = AutoRun O33 - MountPoints2\{7154d754-c4ef-11e0-b5ae-00262dc04d51}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{782a70b5-1729-11e0-9443-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{782a70b5-1729-11e0-9443-00a0c6000000}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{bda0c1c4-aa58-11e0-a4fe-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bda0c1c4-aa58-11e0-a4fe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{f88cdc83-bcd1-11df-ac96-806e6f6e6963}\Shell - "" = AutoRun O33 - 
MountPoints2\{f88cdc83-bcd1-11df-ac96-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /auto O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/20 19:04:02 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\AppData\Roaming\Malwarebytes [2012/09/20 19:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/20 19:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/20 19:03:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/20 19:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/18 17:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com [2012/09/18 17:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater [2012/09/18 17:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012/09/18 17:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/09/18 17:36:40 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\Desktop\Mario [2012/09/18 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload [2012/09/15 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\AppData\Local\eMule [2012/09/15 17:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule [2012/09/15 17:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\eMule [2012/09/13 21:01:00 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\AppData\Roaming\WinRAR [2012/09/13 21:01:00 | 000,000,000 | ---D | C] -- C:\Users\Mama 
Heike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/09/13 21:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012/09/13 21:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012/09/13 20:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012/09/13 20:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012/09/13 18:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2012/09/13 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\AppData\Roaming\uTorrent [2012/09/13 18:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule [2012/09/10 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/09/10 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/09/05 18:53:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/09/05 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\AppData\Roaming\TuneUp Software [2012/09/05 18:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012/09/05 18:04:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/09/05 18:04:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/09/05 18:02:28 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\AppData\Roaming\OpenCandy [2012/08/22 16:18:47 | 000,000,000 | ---D | C] -- C:\Users\Mama Heike\AppData\Roaming\YourFileDownloader [2012/08/22 16:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/20 19:53:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/20 19:48:18 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/20 19:35:29 | 000,009,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/20 19:35:29 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/20 19:27:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2012/09/20 19:27:34 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012/09/20 19:27:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/20 19:27:19 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2012/09/20 18:44:07 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/09/20 18:44:07 | 000,616,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/09/20 18:44:07 | 000,130,424 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/09/20 18:44:07 | 000,106,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/09/19 18:54:51 | 000,000,000 | ---- | M] () -- C:\Users\Mama Heike\defogger_reenable [2012/09/18 17:37:57 | 000,000,751 | ---- | M] () -- C:\user.js [2012/09/15 17:20:06 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk [2012/09/13 20:30:21 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/09/13 18:55:39 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/09/10 18:43:11 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/05 20:46:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012/09/05 18:55:26 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/09/05 18:02:19 | 000,001,268 | ---- | M] () -- C:\Users\Mama Heike\Desktop\Free YouTube Download.lnk [2012/09/05 18:02:19 | 000,001,205 | ---- | M] () -- C:\Users\Mama Heike\Desktop\DVDVideoSoft Free Studio.lnk [3 C:\Windows\System32\*.tmp files -> 
C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/20 19:03:57 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/19 18:54:51 | 000,000,000 | ---- | C] () -- C:\Users\Mama Heike\defogger_reenable [2012/09/19 18:53:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl [2012/09/15 17:20:06 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk [2012/09/13 20:30:21 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/09/13 18:55:39 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/09/10 18:43:10 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/09/05 18:55:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012/09/05 18:55:26 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012/08/22 16:19:17 | 000,000,751 | ---- | C] () -- C:\user.js [2012/07/25 06:25:27 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/06/07 22:24:59 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll [2012/02/04 20:29:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012/02/04 20:29:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011/12/29 16:54:22 | 000,000,934 | ---- | C] () -- C:\Windows\wiso.ini [2011/07/01 15:58:25 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini [2011/07/01 15:58:03 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI [2011/07/01 15:58:03 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/07/01 15:57:45 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2011/07/01 15:57:06 | 000,006,038 | ---- | C] () -- C:\Windows\HCWPNP.INI [2011/04/18 15:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 
[2010/09/10 20:28:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2011/08/20 14:56:12 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Babylon [2011/12/29 16:59:06 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Buhl Data Service [2011/01/09 15:30:49 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Bytemobile [2012/09/05 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\DVDVideoSoft [2012/08/19 11:32:47 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\DVDVideoSoftIEHelpers [2012/02/04 20:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\FreePDF [2011/07/06 18:59:01 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\go [2010/09/10 20:25:21 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Gutscheinmieze [2010/09/10 17:44:06 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\IObit [2012/09/05 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\OpenCandy [2011/01/22 22:16:18 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Opera [2011/08/12 15:11:19 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\PC Suite [2012/08/21 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Philipp Winterberg [2012/02/05 02:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\SoftGrid Client [2010/10/17 13:32:24 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\TP [2012/08/05 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\tunebite [2012/09/05 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\TuneUp Software [2012/09/13 18:55:40 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\uTorrent [2011/08/12 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Vodafone [2011/08/12 15:31:29 | 000,000,000 | ---D | 
M] -- C:\Users\Mama Heike\AppData\Roaming\Vodafone Mobile Broadband [2011/01/23 01:47:58 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\Vodafone Mobile Connect [2012/08/22 16:18:47 | 000,000,000 | ---D | M] -- C:\Users\Mama Heike\AppData\Roaming\YourFileDownloader [2012/09/20 19:27:59 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job [2010/11/12 18:12:53 | 000,000,214 | ---- | M] () -- C:\Windows\Tasks\CreateChoiceProcessTask.job [2011/11/23 20:13:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ==========
< End of report >

EXTRAS.TXT:
OTL Extras logfile created on: 9/19/2012 7:01:07 PM - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Heike\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 60.45% Memory free 5.73 Gb Paging File | 4.53 Gb Available in Paging File | 79.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424.66 Gb Total Space | 142.88 Gb Free Space | 33.64% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.12 Gb Free Space | 52.80% Space Free | Partition Type: NTFS Drive F: | 122.71 Mb Total Space | 91.79 Mb Free Space | 74.80% Space Free | Partition Type: FAT Computer Name: MAMAHEIKE-PC | User Name: Mama Heike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Users\Public\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Users\Public\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Users\Public\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BD40123-A754-41DF-AF42-E62EBF5B32E1}" = lport=10243 | protocol=6 | dir=in | app=system | "{163ABDED-3096-46B4-9074-207513825BD7}" = rport=2177 | protocol=17 | 
dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E5F5766-B6BA-4C02-BBD0-5770E66C4598}" = rport=10243 | protocol=6 | dir=out | app=system | "{20E43667-00A9-42BC-AA7E-9F4E6FF49C71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2393987C-6293-471B-B823-15ECCDDCF475}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{27635C4F-434E-4D26-BAD2-5235723F71FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2DDB6786-BFDC-4CD0-A7A0-80AA5D41EB05}" = lport=137 | protocol=17 | dir=in | app=system | "{32F70392-66F0-4971-A4F9-2C64FCFD07DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3510CF17-F5EF-4EA2-8EF8-E678271254EB}" = lport=138 | protocol=17 | dir=in | app=system | "{38A370DC-77AA-4E32-B064-F88B5BB4F803}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3A326454-F60A-4BE1-BB5B-ACBF230FD21F}" = lport=139 | protocol=6 | dir=in | app=system | "{3D73037A-4BAD-4805-9F09-A27E8FDA570B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3FD58A4F-1ADC-4392-B0ED-43FAAD1991E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{42417AD5-A34F-461A-AA24-F80A85225349}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{430DEBA0-6C39-4D88-B3EB-75EE67C979DF}" = rport=139 | protocol=6 | dir=out | app=system | "{4D92DBA6-9FF1-4445-99F0-30323D02CFED}" = lport=445 | protocol=6 | dir=in | app=system | "{68CB6655-52A7-463A-912F-BA4E674D3931}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{72B804B1-3F04-4D63-BF11-EA9CD2530CE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{78A4E5F3-9642-49DB-9504-28B754F1195C}" = lport=1900 | protocol=17 | dir=in 
| svc=ssdpsrv | app=svchost.exe | "{7C929A39-3DEC-4A35-AC00-523A91C9D878}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8B652B03-4F01-4E26-8C6E-7CB33A80401E}" = rport=137 | protocol=17 | dir=out | app=system | "{918FFB1F-0516-4F3F-818C-724FCE1C4BA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C326B9D6-9599-4E1D-A402-C3BE06B5125C}" = rport=138 | protocol=17 | dir=out | app=system | "{C3728858-23EA-4D83-804A-458C2B450B27}" = rport=445 | protocol=6 | dir=out | app=system | "{F0314FD2-8544-4127-B0CA-027DB4F3FFC7}" = lport=2869 | protocol=6 | dir=in | app=system | "{F91ED3DE-4172-45EC-8D01-CBAB2CF27AB7}" = lport=2869 | protocol=6 | dir=in | app=system | "{FC059C5D-8359-47F1-B88A-754536940B16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06FE0BCD-CDD0-4735-BD6F-61A8A19BC972}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{0B794838-A347-4E6C-AA53-072C9D738EE3}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{0D7CD169-ACB1-45A9-BD74-C65EB3148D0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0E76DAF7-687D-4F9F-9AF9-0DE2147095CF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{1D61C07E-CDB5-4669-838B-D2BFED977D45}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{20027A54-C746-49FE-BBD7-E8E8EBB99DB4}" = protocol=17 | dir=in | app=c:\users\public\opera.exe | "{20950152-D235-4D8A-90EE-0516AC1DB36B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{22048B06-DC71-473C-9926-93752AF2C740}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2C2C5EFE-5347-4E5D-942A-E21D50E60BED}" = dir=in | 
app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "{41C69F19-1B2F-4A6E-A36A-4908B0D48105}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4353F046-37B8-4CB9-940F-B0A1AA47B94B}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{4DAB9FA0-80DA-4E79-9D24-F51C877803CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4EE0966F-9DB5-4148-B84D-825F0542B77D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{521FCF53-E996-4EC9-BBE5-D80087F23ABD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5DE8CAFD-3C74-48A2-B8AB-B2CA38A2635F}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{6385F0ED-7C7F-4AD4-A7B7-292D4DE2252D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{673BCAEC-570A-4D38-8778-23D5820B9F9A}" = protocol=17 | dir=in | app=c:\program files\tunebite\tunebitehelper.exe | "{7154697D-C65B-471A-9BCC-92A15AAF8955}" = protocol=17 | dir=in | app=c:\users\public\opera.exe | "{76FF6097-B33B-43CE-8BAF-935620B3BBA5}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{7BB6E3D1-73DE-45E8-9BE0-F12379443EAE}" = protocol=6 | dir=out | app=system | "{8747F26B-9919-470B-B86B-2E7D77BC9A5A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{9110BD73-3423-43DE-901B-1E28E9D68C67}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{9492F312-54CF-404D-AF7F-D7C26886720F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96537734-59CF-4BC0-884A-D5E5F40F2CB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{98E7C554-74AB-4D79-BF6D-D5006F1BB45E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{9A9BE3AE-1B03-43C1-BC2C-2EB3F4D3AE4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D58BBB4-21E0-4D2C-A91E-782B030C5F51}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9DB92A7A-85DE-4846-965B-877D2803B999}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{A5F674D1-97BC-4782-897D-73B9D844F67A}" = protocol=6 | dir=in | app=c:\users\public\opera.exe | "{AFAB3A58-0EC6-44A5-A646-87F59DB9F32C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B2F1A00D-EF76-444C-99CA-2E668F0C2F81}" = protocol=6 | dir=in | app=c:\program files\tunebite\tunebitehelper.exe | "{BF8B23DA-6D6D-49F4-83B9-E67BAE6ABA4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C22681ED-08CF-4CC5-BBA7-079219F6EE93}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CFE9DDEE-EBFE-46A7-80E0-8B21E2BCB957}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E7CED772-6366-4A85-9902-0BB33BF040A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F051BC2B-CB22-4CF0-9A9A-2CD988416C1D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{F3584771-34CA-4AD0-8001-5644EFEB95B0}" = protocol=6 | dir=in | app=c:\users\public\opera.exe | "{FD9F4095-0299-4E1D-B640-F5B396909AD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{2BE78D59-CA80-4753-A376-B73170D9D76B}C:\users\public\programme\napster.exe" = protocol=6 | dir=in | app=c:\users\public\programme\napster.exe | "TCP Query User{54005B71-6D9E-4B46-AF36-FCBACB3C7A1D}C:\Program Files\eMule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{DB442CC4-1F16-47E5-8422-348BF919D255}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{E1891CAB-AD67-401F-A590-491886E7B212}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | "UDP Query User{6FBAB653-76D2-4715-B0BC-5F21ED8B6D9C}C:\program 
files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{88ADD6E5-FD6D-4738-9B55-8280AA4D0D87}C:\Program Files\eMule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{B8074CD6-EAF9-4064-98BD-67DACAFC71D4}C:\users\public\programme\napster.exe" = protocol=17 | dir=in | app=c:\users\public\programme\napster.exe | "UDP Query User{DBF3B861-990E-4C68-A5CC-15D4637D278B}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3 "{1D9943F4-2568-6DE3-0F01-C4A5BC665703}" = Napster 5 Beta "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{30099004-43E8-A86D-E746-C3683CBD45C7}" = myphotobook.de "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.506 "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows 
Live SOXE "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for 
remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" 
= WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "avast" = avast! Free Antivirus "com.Rhapsody.Napster5" = Napster 5 Beta "de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de "Easy Video Joiner_is1" = Easy Video Joiner 5.21 "eMule" = eMule "Free Studio_is1" = Free Studio version 4.8 "Free YouTube Download_is1" = Free YouTube Download version 3.1.35.903 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 9.04" = GPL Ghostscript "HaaliMkx" = Haali Media Splitter "Hauppauge WinTV 7" = Hauppauge WinTV 7 "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "iLivid" = iLivid "incredibar" = Incredibar Toolbar on IE "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso 
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Ovi Suite" = Nokia Ovi Suite "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 12.02.1578" = Opera 12.02 "RarZilla Free Unrar" = RarZilla Free Unrar "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tunebite_is1" = Tunebite 4.1.0.35 "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.2 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "YourFileDownloader" = YourFileDownloader ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/11/2012 1:39:37 AM | Computer Name = MamaHeike-PC | Source = VmbService | ID = 0 Description = GetLoggedOnUser Error - 9/12/2012 6:53:36 PM | Computer Name = MamaHeike-PC | Source = VmbService | ID = 0 Description = GetLoggedOnUser Error - 9/12/2012 6:53:41 PM | Computer Name = MamaHeike-PC | Source = VmbService | ID = 0 Description = GetLoggedOnUser Error - 9/13/2012 12:22:49 PM | Computer Name = MamaHeike-PC | Source = VmbService | ID = 0 Description = GetLoggedOnUser Error - 9/13/2012 3:21:09 PM | Computer Name = MamaHeike-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden. 
Error - 9/14/2012 7:41:36 AM | Computer Name = MamaHeike-PC | Source = System Restore | ID = 8193 Description = Error - 9/14/2012 7:41:39 AM | Computer Name = MamaHeike-PC | Source = VSS | ID = 12289 Description = Error - 9/14/2012 10:33:08 AM | Computer Name = MamaHeike-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Public\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Users\Public\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 9/15/2012 1:49:43 PM | Computer Name = MamaHeike-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448, Zeitstempel: 0x4fecf1b7 Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16448, Zeitstempel: 0x4fecfb0e Ausnahmecode: 0xc0000005 Fehleroffset: 0x004009de ID des fehlerhaften Prozesses: 0x10bc Startzeit der fehlerhaften Anwendung: 0x01cd93460b77884b Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\MSHTML.dll Berichtskennung: baca1781-ff5d-11e1-948f-00262dc04d51 Error - 9/16/2012 1:00:02 PM | Computer Name = MamaHeike-PC | Source = Windows Backup | ID = 4103 Description = [ Media Center Events ] Error - 8/24/2011 12:14:26 PM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 18:14:26 - Fehler beim Herstellen der Internetverbindung. 18:14:26 - Serververbindung konnte nicht hergestellt werden.. Error - 8/24/2011 12:14:43 PM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 18:14:31 - Fehler beim Herstellen der Internetverbindung. 18:14:31 - Serververbindung konnte nicht hergestellt werden.. 
Error - 8/24/2011 1:14:51 PM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 19:14:51 - Fehler beim Herstellen der Internetverbindung. 19:14:51 - Serververbindung konnte nicht hergestellt werden.. Error - 8/24/2011 1:15:05 PM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 19:14:56 - Fehler beim Herstellen der Internetverbindung. 19:14:56 - Serververbindung konnte nicht hergestellt werden.. Error - 9/1/2012 4:01:34 AM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 10:01:34 - Fehler beim Herstellen der Internetverbindung. 10:01:34 - Serververbindung konnte nicht hergestellt werden.. Error - 9/1/2012 4:01:49 AM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 10:01:39 - Fehler beim Herstellen der Internetverbindung. 10:01:39 - Serververbindung konnte nicht hergestellt werden.. Error - 9/14/2012 7:45:30 AM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 13:45:30 - Fehler beim Herstellen der Internetverbindung. 13:45:30 - Serververbindung konnte nicht hergestellt werden.. Error - 9/14/2012 7:45:51 AM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 13:45:39 - Fehler beim Herstellen der Internetverbindung. 13:45:39 - Serververbindung konnte nicht hergestellt werden.. Error - 9/19/2012 1:04:13 PM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 19:04:13 - Fehler beim Herstellen der Internetverbindung. 19:04:13 - Serververbindung konnte nicht hergestellt werden.. Error - 9/19/2012 1:05:17 PM | Computer Name = MamaHeike-PC | Source = MCUpdate | ID = 0 Description = 19:04:18 - Fehler beim Herstellen der Internetverbindung. 19:04:18 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 4/14/2012 3:17:17 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. 
Error - 4/14/2012 3:17:26 AM | Computer Name = MamaHeike-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?04.?2012 um 21:21:23 unerwartet heruntergefahren. Error - 4/14/2012 3:17:28 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 4/14/2012 3:39:15 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 4/14/2012 3:39:24 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 4/15/2012 11:41:17 AM | Computer Name = MamaHeike-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?04.?2012 um 17:58:46 unerwartet heruntergefahren. Error - 4/15/2012 11:41:08 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 4/15/2012 11:41:19 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 4/18/2012 11:50:06 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 4/18/2012 11:50:17 AM | Computer Name = MamaHeike-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. < End of report > |
Quote:
Post the logs that recorded the corresponding detections as well. If possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code: the log goes here |
Sorry, I am new here; I hope I will learn as I go. I had already deleted the viruses before I found this forum. What can I do now? Should I send the logs again? |
Whether the viruses have already been deleted is irrelevant to the question; I want to see the logs where it was recorded what was found and deleted ;) |
Where do I find them? |
AVAST log file? :confused: :x
Searching for and finding errors in the avast! log files
Log files, avast! 7 / 6: C:\ProgramData\AVAST Software\Avast\log
Log files, avast! 7 / 6 / 5 (after an update from 5 to 7 or 6): C:\ProgramData\Alwil Software\Avast5\log
Log files, avast! 4: C:\Programme\Alwil Software\avast4\Log |
OK, what should I do? I am sorry that I am being so clumsy about this... |
Post the Avast log |
I wish you a nice Sunday. Here I have two logs, but I do not know whether they are the right ones. There are a great many logs in this folder. I took the most recent ones. By the way, e-mails arrived in my inbox again last night. All under: no sender, "Mail delivery failed, returning message to sender". But my antivirus programs find nothing. I am getting desperate |
You were supposed to post the logs directly in CODE tags, not as an attachment! |
Code: avast! Antirootkit, version 1.0 |
But those are not the logs I asked for! I wanted to see the detections recorded by Avast; why are you showing me logs from the Avast rootkit scanner? |
Copyright ©2000-2025, Trojaner-Board