
Log analysis and evaluation: TR/kazy.mekml.1 It got me too =(


23.04.2011, 13:19   #1
MiniBowser



Hello, I'm new here and don't know the first thing about viruses or how to fight them; I hope I can get some help to start with.

First, what happened: last night I was about to go to bed when suddenly almost all the files on my desktop were gone Oo and the desktop background was black. Well, you know the problem.

I have now seen that the virus only makes the files invisible. So I have at least managed to make them visible again, but now Antivir and Windows Recovery are annoying me with constant messages that the virus triggers.

OTL is running right now, and Malwarebytes too; I'll send you the results then.
Hoping for help, regards, MiniBowser

So, OTL has just finished. OTL Extras logfile:
Code:
OTL Extras logfile created on: 23.04.2011 14:06:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Peiler\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 59,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 451,78 Gb Free Space | 49,27% Space Free | Partition Type: NTFS
 
Computer Name: PEILER-PC | User Name: Peiler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 66 A6 5F B4 79 05 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0532D4E2-85FC-4BFE-A493-8160137745A9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{05821226-EC6C-41D7-B44F-38E0535E3CA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{09E72E59-E10C-4F97-A24A-EBE5BB7FFCEA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{10EDAB88-7876-4258-863D-243DC55CECC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1BB0D214-ED06-4B3E-8643-905CE88A81AB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1C1E007A-B89A-4F07-85D3-20384558C6B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1CF4F58B-33D8-45A6-B526-72BDBB83990D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2C969C09-B9A2-4BE7-BEFE-B229CBC71AD2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3227F99E-85DB-48E5-ADE4-9E8FC37390A5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{57CDA9B0-BAF4-433A-9A8D-59FB3D983EB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5F4422BD-9E8B-48AB-84BA-72692B183739}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8118D1E4-569D-45F8-8BA9-89D34D3FE5B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{91918907-7D3F-423A-8BFA-9E68C3E50F9F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9907099C-F337-4BF4-BD64-F0F7BA4AB747}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EE85477-6A9B-4CFD-8F77-09AAFA8D54A7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A049E527-21DF-480C-816D-C680A28681D4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AF823175-AC15-46B2-8AFD-F781605D12C4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C4FE1D17-01FB-4A47-910A-01A12FC51F51}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D8CEC247-CE24-439B-862E-53BB24493A02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0DD3351-6B8D-4520-90BC-962BA2B7590E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E6CCEF52-6D19-4291-9B84-7683BF1DEB64}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0042D53C-82DC-41D2-AACA-5552B281FD93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{03113EE7-400A-4678-9DE0-CD668F1D75A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0361C771-C807-476A-98A6-49B718F1D5E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{04CE2353-0EAF-43BD-814E-2F7DE1ECDB25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{058F9FA7-D7F7-40F5-9E52-D4E837020E57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{066B8809-96B4-4369-9343-FA296F2186BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{06FB76D8-467D-43D4-B73C-2F81D51E52FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{071F3DCC-8EB1-4A17-A4EB-C05E7AE82516}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{07AF4AB5-1AA8-476A-A7B5-2114141655B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{092C901E-8B11-4454-85E3-7DD85C938F64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0B9D1E4D-CB3B-45A3-8BA5-D5F7C059C161}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0C9ACEDD-2E50-4E50-91F4-E8ECB115DC39}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{0FCE1ECA-6E5E-44F1-8799-A85FB47D47AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{105111A3-245B-4956-A7E2-173055C0F684}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{107753E0-3669-4A39-A31D-0490EF0E18C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{118B0090-6209-4FD4-B049-B5E8A0314011}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1198DC01-D967-43EF-A580-F2177A927297}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{11B41481-DAE3-4C14-AE9D-AA1239B1A19F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2010\f1_2010_game.exe | 
"{11F715AE-3C09-4762-B71A-60BABC0A31C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{12500E42-6720-45F9-9EF2-BE83858BF0F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1293AAC2-85A6-4ED1-AACE-5BD7DD604407}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{13B37F8D-0708-4357-9B98-4A05DD866384}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{14B71D77-94E0-41F4-99C5-863570A1AF07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{14C03AF2-51EE-4642-AAEF-2EC71A2DA679}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{154082C0-8864-457F-84FD-CF1ACA51E439}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\minibowser18\counter-strike source\hl2.exe | 
"{158609B8-CF0E-4DED-B726-4A46086477E5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{17F6EBD0-ADAD-4FEE-8603-D5123243EA93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1A6009E3-F9C1-4058-9F82-2C2A062492FA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{1AD7C5A8-A2C0-4919-9A5D-67873A42521E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1EB32FF3-11FD-44BE-8646-D61603A22262}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1F7039F1-3439-4626-8A77-B10A905F3C0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1F87C2DD-6D4B-4243-B5E1-088B379676B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2189F4DD-A994-418C-B03D-5EE093BC684F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{225B55A6-F59C-4917-8D90-68E1DFBCD24F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{27FDB9D5-2A5F-4FF1-8AFF-EF7753549CF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{28C5B324-F64D-4B43-BE4B-8206271F4B69}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{2996ADF0-C6DE-4007-9B84-BFD049B64E77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2D257F8D-65BD-4282-9591-9CE7C1464A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2010\f1_2010_game.exe | 
"{3052BA29-8B12-483A-9135-ACE97CCF6066}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{32D2C558-D309-4712-B9C6-210A8953C107}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{34EEDA72-795F-476D-B659-F5306619FB76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{364588D4-9EA7-40AD-8B31-4088FA2243BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3683AF4B-815C-44E4-AD35-EF424E999C44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{37AE1027-37BB-4654-8068-27B46A822A4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{37CD5057-D798-443F-AA38-1876D0EDBDD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{38354ED1-28CB-4AE4-A064-F1B733815C24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{39351DFF-112A-43B6-9D58-5EC7B6AAFCCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3B40735B-979D-40E1-A5F5-3A4391A458C5}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{3B4F147A-A1D0-4BF8-987F-DCA5B9EE57DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3BDD066A-3D84-4C4D-AB3F-D976AD887487}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3CD047A4-637A-4157-BB95-32DC3EDBBE03}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3E1DC11B-1799-46C5-BD6A-928B90C1AD66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3F95BE54-6BBB-4B1F-8C40-B6A22B5913C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{41156663-D8C0-41EE-8263-5EE002BB368C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{42E59F91-E467-4745-8663-7E22B314C77F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{45D3DD50-2016-493A-848F-32ADD35F685F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{45E77912-B7C2-4ACE-B4DB-5E25689F9379}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{48C90257-2808-441D-B3E0-4C9E50F4A438}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4908BC06-0E63-417A-8829-F6BC9E9C3E1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{490FB5C4-1E9C-4126-B26E-287E87BE2C73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4A2A12E8-46C9-4460-9EA6-8A1CF65FE31C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{4CBF71D5-8A0B-4D3B-A120-0F35F604A710}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DA69A91-C9D1-4D11-A62B-27718B87AD58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4E798F5A-1471-4100-A43D-C0FE7EEDEB92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4F4CEF80-DEB2-4265-858F-4536B3EB95BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4FBC8E95-040E-44E3-886A-10FF94153978}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{51E9ECB6-DCC4-4132-92D8-63239EAD25B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{526513BB-A4DD-4163-AE8F-A085B113C6D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{53E87CEC-7DD5-4C6C-8377-BBD1F2FCA095}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{56966A0E-0D7A-44E7-A7D7-E1DB2C05AF91}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{5737DDB9-53B8-40B6-9BF4-C8C322ECAAA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{59546C25-47FE-4563-807F-C09F8172F377}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{597854D8-2F66-45B6-A8CC-50DF1CC057A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5B599CBA-01F7-48E0-A18B-6FF2BFC4B06C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5C5E1428-A562-4C7F-B803-BD6E72D9A835}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\minibowser18\zombie panic! source\hl2.exe | 
"{5CBB5C06-FF6D-4C46-842F-C9843C46B2E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{60946AEA-1397-4967-BD15-0A54F2FBB25A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{62283592-5EAF-4D06-9217-1071378C297E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{62C7B676-4899-4ECC-9034-B4DA8ED4CDF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64349909-DC43-4F35-B65A-FA62426E2AC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64AC1C4E-1F64-4FAD-B217-BE176F0DF019}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{65AA3532-DDB3-4CFC-92BD-28066DC7B6AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{65B047EF-E9DB-49B9-A63D-3652BB6242BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{67B37172-B4ED-430B-98B7-BA0BCEDD128C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{68108F15-955A-4689-8A3E-06D1F2269516}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{68149317-4C51-4727-8A9F-57DE9C172673}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{690BDAAA-1180-4B52-BB86-1CFBA5115053}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6A68866D-304D-4685-A622-2448C105F8F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6CC682E5-161F-4B24-AE0B-EBF269FA3335}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{6E6C88F9-AA03-4D4E-8E6C-EF9474381A47}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{72E34864-B39A-420A-A00E-4A3748BF5FC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{735FCA75-9894-4955-85B9-F590F6E7684F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{75D89337-C2C3-42C3-A925-2A83EB4D3645}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7659B203-CC73-40AF-8500-3532D9A6A1EE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{776C08AD-1D9F-48E1-B681-F7DBD8BCB49B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{785C4DAB-63AC-40E6-BE48-26D0B7F0713C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{79BE724A-D1AB-4BD4-B3E3-03CADD3AD731}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{7A5F0AF9-64C0-4049-B452-D64CAACDAA25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7A92CD9A-FFB9-43EE-93B2-B1C10F491966}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7C27B632-CDEC-40E5-9B25-F6923E73783D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7E87A669-AD90-4B82-AD4E-806DD89E7CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\minibowser18\zombie panic! source\hl2.exe | 
"{7FEE77F8-2129-4F20-AEF5-59CDA14C231A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{8072A4B2-9716-4918-B0A6-5B091996AE78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{817E3974-3771-4691-98D1-26C12F11D2F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{81A34AC1-7FC4-48A0-81A5-900FB8A43E42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{82D97742-0427-45EB-A98F-8214484C4F97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{82E33D48-2C0B-4D8D-A845-3B8801BF1439}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{83D5A24E-70F5-4F5C-8B2D-F1CF7CA70B27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\minibowser18\counter-strike source\hl2.exe | 
"{8452F0F9-CE45-4558-A638-DD7CB01BEF20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{84AE9999-F7BE-4652-B90E-BD5735602B45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{859EAEA4-C4BE-4888-B3DA-DF340A9D5555}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{85F09296-0CF8-48E0-A782-7DE29E0C2959}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{87D5607E-52D0-43D4-A0DB-3E11046BB997}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{894C036C-CF60-4912-BBAE-6CA892CD8FE8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{89E92A79-260C-450D-AE41-02CE6B94CCE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8A587E32-A642-4A28-B7E2-02A6E5E729C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B51CC51-2D27-4621-9947-2E854164FF22}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B934B63-30A5-4327-AB37-D465CF713E37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{8BE2A09F-0506-45DF-A1BF-81F16064A3C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8C32B573-85BE-4583-9B32-785428D24A3B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{8C4E84B5-005C-48A9-8A0E-4BE189EEF70F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8D76DC72-F1C9-45AD-A3DD-D594B38C4F72}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8DFD000F-EA4F-4538-AF73-7F73C9E0C9FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{900F60BB-3BAE-4334-90D2-A8926E7111D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{91255594-9FC0-47F4-AD1D-8827EA401A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{9465528A-4375-4012-8A8A-0B950BF5DE35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{95F179FF-8E7D-49E0-ABBB-DBA9C1CEDB22}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{96D695FF-9EA3-4D33-B9FF-4ACE8C35932F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{97C08528-E2C9-4F84-B296-C77783320EDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{97E9CBE1-3CEE-4504-BAAF-27D40C2D8C1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{99995077-0AAA-4D6D-A881-983DA6A1EEEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9A36DE64-A4D3-44D6-BB3B-756576F050A7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9A6C2CCE-F80B-4CB8-AD47-CF6762500911}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9BFC307C-A739-472C-B37C-29486A07B870}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9C6F7EF0-2CCB-4B21-93E0-F3F813039AAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9CE7CF40-DCF3-44B3-AB89-D9B273699EEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9CFD2238-E329-44A6-A92B-D512BA0A8B46}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{9E49B757-2B26-48CC-83C1-BC9F1143AD05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9E780B59-06AD-4B38-B8CF-E0B406DACE04}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{9EAA0558-11C5-4E2A-8DA8-62C94A02FDA0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{9FA254EA-82B7-441B-90CE-DF61BD2C3529}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A141DEE1-91AD-412D-AF56-4AE9A9755693}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A60AAA0C-2A44-4847-ADBA-D46319B4A701}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A75EFEAF-0EC2-4E36-A866-252A24C2A88B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A7725658-6A5C-4E61-9DB8-11408ED70C08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A78B1CF8-50E3-4C02-AAC8-B7C96E029E5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ADB95ACB-EF8F-45CC-A83B-71621345FFFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B07B353E-7222-4311-957B-CD71E193AADD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B1BA2A46-F12E-4429-8E69-30D11824B149}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{B231C41E-4B9C-4D48-9027-129EFA2BE279}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{B3FB2973-864D-4AB2-BB7A-79C0749682F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B5E224E4-AACB-4A54-B37D-C12C7305A206}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B7E7D8BD-2387-488F-B421-E7834539EAF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8224DF0-046C-486C-92DF-26BAB27D2EF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B85267E6-A7A8-4314-9611-36CAF0D2D945}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B85DD9B9-9411-4630-8020-70025F0B4017}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B8D32916-8E75-4640-A117-2F5F2FE3A55F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BB6AA47E-717E-40E7-8B98-B109E9E7D4BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC139DEE-B654-4E8B-AA80-686114E215CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BE51CA16-AD87-4D5D-9A3A-EF423C647DCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BFC3269E-0C07-4BF4-9900-60C6ECE7C4DC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{C2B02616-8F66-4B90-8369-4B144C7F4453}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C2BBC659-1719-4D82-820C-ED80F1D86647}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{C3C6DDAA-B464-4485-9425-8C1BBB039A06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C4CEA6F8-ECC5-4903-8006-66DD364378B8}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | 
"{C67C6125-C028-4410-8C24-4AF46BA5704E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{C6BF1BD6-2A14-4CF7-AB58-A7F8F5B06A77}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{C8C66F3D-7B22-43E6-8DF3-65F1BBB4517A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C94C285A-7E52-474A-87BC-DEA2A14045B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CAF03AFC-DB42-4D17-BFF7-8B1765DF7A0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CEA88481-1FE1-4A8D-A78F-54AFA8E86436}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CF9EAE00-C306-46B1-8981-8122C47CCA6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D00F1511-8152-4D28-A246-1925ED789980}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D7E99E53-E95D-4CE2-B123-4E783D16A567}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{DA0F1FD6-22C9-4AEC-9650-C360746A7F96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DACDD4CE-BC39-4A15-B3ED-616AEA1E0C42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DCFAE698-4F7A-4BE6-B3B3-D3F60502F252}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DD02C726-9626-49D7-A3F5-74C134FFB42C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DDD1336C-907F-436A-9E95-AAF3F917B496}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | 
"{E0B62EA4-6559-48F1-8869-3DAD5B889080}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E3ABA766-BF92-4BD0-B4DE-D3A4316086A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E74055BF-65E6-4ED3-A8F9-8B60B5FD872A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E8923445-AB66-4CD9-8C3E-5B77686D8C5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E9563470-2ED1-4F94-8C7F-4F5A37655735}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 
"{E9A962AC-AC80-41DD-8689-E87762927B72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{E9F01E6F-4108-4CF7-B777-B7AB1D8A4380}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{EBA71188-FD90-40CB-9540-CB75F9498EAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EDB47F55-5037-42C0-91CC-38B25581DF17}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EDBCB263-CAAF-4683-BB3C-3A45D25E594B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{EDD44BF7-447E-4A9E-BA28-DEF22537CABD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EE672282-D795-4543-BF23-18328FFDE1A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EEB8BAD2-A404-4D06-8BFF-C8D46BD2864E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EF7E8914-1C65-427D-BC80-957EB4C1444D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F056F4FD-571C-4D7F-8F6A-BB9E2E70253F}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{F150818D-E425-4E63-A2BF-FBEF21C1FBC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F1522A3D-73F5-4C1B-8962-9C7290C53599}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F27CC983-1A98-4A51-B161-A6AA4625E224}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F3953BF1-13F3-4879-A724-9ACFE10FCC2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F640F6B6-AB4C-440D-8C6B-30369A97CC24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F73A6788-A751-4746-B42F-36C0D2761EB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB2B079B-4722-4FA3-A21A-F9C74894E5C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB3EF32C-F2C7-443E-87F5-822A1DACC3B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FD1CD38C-2790-401A-841C-FED37B09570E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FF31FC28-A488-43E7-B8BC-2EC756614EC2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{505E478E-A1C3-4F8F-833E-06E98865F766}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{5FC7DC67-9632-4DE1-B1FE-9B210D5CEA7B}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{A66212EA-2FC1-42CE-BEEC-EBBB965AAAAF}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{C12F310D-124E-4C63-9C97-9A68CC61FC05}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{D0E8C4C5-8F2F-4BF9-AFE4-B6DF1903CB6F}C:\program files (x86)\ea sports\fussball manager 11\manager11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 11\manager11.exe | 
"TCP Query User{E6CFE3D6-E289-4B53-8295-268389DFC6B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{F1E035EC-D617-4196-A9A4-FD081815A976}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"UDP Query User{270D8D14-B1D4-4B26-9A2D-80E48D96D42F}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{3E165671-D0B6-45B1-8855-2EBDB2AA2951}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"UDP Query User{434AFC71-04DD-4102-A055-2F41DDF7C173}C:\program files (x86)\ea sports\fussball manager 11\manager11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 11\manager11.exe | 
"UDP Query User{439F6209-C193-4424-AE68-AB65D14E83BF}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{894CB6E1-FD1F-4F33-AB76-984D0FC106ED}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{96AAA3D3-316D-4850-BD61-A1D4E4DAA1E4}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{E7225F90-5F2B-4831-B935-0790B697C116}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.9.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"Recuva" = Recuva
"Works9se" = Microsoft Works 9.0 SE
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0DB3E1EC-21B7-40A2-9CA2-C1A0AEFDEA97}" = Scrabble3D
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}" = AGEIA GAME System Software 2.8.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{92881120-6DA5-44A3-8BAB-2429A01D022E}" = YouTube Downloader Toolbar v4.3
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  0.83
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Creation Master 11_is1" = Creation Master 11 Beta 4
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"DzSoftPPSlideShowConv_is1" = PowerPoint Slide Show Converter 3.2.1
"EA Installer.-1797597899" = EA Installer
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.2.4.1
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download 2.2
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GameCenter_is1" = GameCenter 1.3.0.5
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Google Chrome" = Google Chrome
"GtkAtlantic" = GtkAtlantic 0.4.1
"Hamachi" = Hamachi 1.0.3.0
"HarryPotter7Screensaver" = HarryPotter7Screensaver
"HLSW_is1" = HLSW v1.3.3.7b
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (4.0b4)" = Mozilla Firefox (4.0b4)
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"PokerStars.net" = PokerStars.net
"Pole Position 2010_is1" = Pole Position 2010
"PrettyMay Call Recorder for Skype - Basic" = PrettyMay Call Recorder for Skype - Basic 3.6.0.105
"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RTL Biathlon 2009" = RTL Biathlon 2009
"Skispringen 2007_0001" = Skispringen 2007
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 17500" = Zombie Panic Source
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Steam App 630" = Alien Swarm
"SysInfo" = Creative Systeminformationen
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"a19b0e22c9f1bd03" = WindowsApplication1
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.0.0.18
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"GameRanger" = GameRanger
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
OTL Logfile:
Code:
OTL logfile created on: 23.04.2011 14:06:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Peiler\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 59,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 451,78 Gb Free Space | 49,27% Space Free | Partition Type: NTFS
 
Computer Name: PEILER-PC | User Name: Peiler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Peiler\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\45801224.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe (Reviversoft, (www.reviversoft.com))
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe (Packard Bell BV)
PRC - C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
PRC - C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Windows\SysWOW64\HidService.exe (Packard Bell Services)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Peiler\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (GenericHidService) -- HidService.exe (Packard Bell Services)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\Drivers\appdrv01.sys (Protection Technology)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (athsgt) -- C:\Windows\SysWOW64\drivers\athsgt.sys ()
DRV - (limsgt) -- C:\Windows\SysWOW64\drivers\limsgt.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.packardbell.com/?id=9661 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF A1 03 B4 1F 75 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.13 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://vshare.toolbarhome.com/?hp=df"
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.2.5.2
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.23 09:05:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.23 09:05:07 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\components [2010.09.07 01:40:17 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugins [2010.11.21 19:20:59 | 000,000,000 | -H-D | M]
 
[2009.04.18 17:25:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Peiler\AppData\Roaming\mozilla\Extensions
[2011.04.22 23:56:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions
[2010.05.26 06:42:22 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.23 09:05:50 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.23 09:05:33 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.23 09:05:42 | 000,000,000 | -H-D | M] (Elf 1.13 Community Toolbar) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2011.03.23 09:05:47 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.11.19 21:58:07 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.04.22 23:56:48 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\DTToolbar@toolbarnet.com
[2010.03.10 10:21:51 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\eafo3fflauncher@ea.com
[2011.03.23 09:05:46 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\engine@conduit.com
[2011.03.23 09:05:54 | 000,000,000 | -H-D | M] (FDislike) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\fbdislike@doweb.fr
[2009.12.04 22:04:08 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\firefox@tvunetworks.com
[2011.04.06 20:56:38 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Peiler\AppData\Roaming\mozilla\Firefox\Profiles\ts8d63yb.default\extensions\vshare@toolbar
[2009.08.04 23:29:36 | 000,000,681 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\ask.xml
[2011.03.31 22:36:43 | 000,002,394 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\askcom.xml
[2009.11.30 18:23:25 | 000,002,163 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\bing.xml
[2010.12.02 09:07:20 | 000,000,919 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\conduit.xml
[2010.05.13 09:57:30 | 000,002,059 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\daemon-search.xml
[2011.04.20 01:05:55 | 000,000,950 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\icqplugin-1.xml
[2010.03.14 02:36:54 | 000,000,950 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\icqplugin-2.xml
[2010.03.31 18:15:59 | 000,000,950 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\icqplugin-3.xml
[2010.04.02 17:59:02 | 000,000,950 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\icqplugin-4.xml
[2010.05.13 17:06:07 | 000,000,950 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\icqplugin-5.xml
[2010.05.12 18:40:48 | 000,001,042 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\icqplugin.xml
[2010.07.08 19:20:53 | 000,000,779 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\kicker.xml
[2011.04.06 22:46:59 | 000,001,583 | -H-- | M] () -- C:\Users\Peiler\AppData\Roaming\Mozilla\Firefox\Profiles\ts8d63yb.default\searchplugins\web-search.xml
[2011.03.23 09:05:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.01.24 18:24:50 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- 
[2011.02.02 20:29:20 | 000,000,000 | -H-D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.02.02 20:29:20 | 000,000,000 | -H-D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
() (No name found) -- C:\USERS\PEILER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TS8D63YB.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011.03.18 19:56:37 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2009.08.20 17:36:00 | 000,097,376 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\FFPDFConverter.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.26 17:57:38 | 000,002,036 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchppcb.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [dAmLSTWYyWMb] C:\ProgramData\dAmLSTWYyWMb.exe (WinTrust)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bplaced.net ([ifl] http in Lokales Intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Peiler\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\Peiler\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0968ad45-ac41-11de-bdb3-00226865f9fc}\Shell - "" = AutoRun
O33 - MountPoints2\{0968ad45-ac41-11de-bdb3-00226865f9fc}\Shell\AutoRun\command - "" = I:\Launcher.exe
O33 - MountPoints2\{da3955b2-1da3-11e0-bae4-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{da3955b2-1da3-11e0-bae4-00ff01000001}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da3955d0-1da3-11e0-bae4-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{da3955d0-1da3-11e0-bae4-00ff01000001}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dfc5fb24-2c19-11de-95dd-00226838d35b}\Shell - "" = AutoRun
O33 - MountPoints2\{dfc5fb24-2c19-11de-95dd-00226838d35b}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.23 13:58:07 | 000,000,000 | ---D | C] -- C:\Users\Peiler\AppData\Roaming\Reviversoft
[2011.04.23 13:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2011.04.23 13:57:49 | 000,018,240 | ---- | C] (ReviverSoft) -- C:\Windows\SysNative\roboot64.exe
[2011.04.23 13:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2011.04.23 13:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.23 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Peiler\AppData\Roaming\Malwarebytes
[2011.04.23 13:41:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.23 13:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 13:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 13:41:18 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.23 13:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.23 05:04:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011.04.23 05:04:47 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2011.04.23 04:48:17 | 000,000,000 | -H-D | C] -- C:\Users\Peiler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.23 04:30:44 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\dAmLSTWYyWMb.exe
[2011.04.14 06:23:25 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.14 06:23:25 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.14 06:23:25 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.14 06:23:21 | 001,063,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.14 06:23:21 | 000,991,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.14 06:23:21 | 000,979,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.14 06:23:20 | 001,076,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.14 06:23:20 | 000,020,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.14 06:23:20 | 000,018,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.14 06:23:20 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.14 06:22:51 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.04.14 06:22:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.04.14 06:22:51 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.14 06:22:51 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.14 06:22:51 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.14 06:22:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.14 06:22:51 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.14 06:22:51 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.04.14 06:22:51 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.14 06:22:51 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.04.14 06:22:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.04.14 06:22:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.14 06:22:51 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.04.14 06:22:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.14 06:22:50 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.14 06:22:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.14 06:22:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.04.14 06:22:50 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.14 06:22:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.04.14 06:22:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.04.14 06:22:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.04.14 06:22:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.04.14 06:22:50 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.04.14 06:22:50 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.14 06:22:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.04.14 06:22:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.14 06:22:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.14 06:22:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.14 06:22:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.14 06:22:48 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.14 06:22:48 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.14 06:22:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.14 06:22:46 | 001,398,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.14 06:22:46 | 001,360,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.14 06:22:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.14 06:22:45 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.14 06:22:44 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.14 06:22:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.14 06:22:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.09 00:36:43 | 000,000,000 | -H-D | C] -- C:\Users\Peiler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.04.01 00:01:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.03.31 22:37:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.31 21:45:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.03.31 21:41:30 | 000,000,000 | -H-D | C] -- C:\Windows\pss
[2010.08.28 08:57:28 | 002,944,904 | -H-- | C] (Ask) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.23 13:57:52 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2011.04.23 13:51:07 | 000,001,108 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 13:47:37 | 000,000,772 | -H-- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.23 13:45:47 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.04.23 13:41:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 12:59:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.23 05:13:38 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~45801224
[2011.04.23 05:13:37 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~45801224r
[2011.04.23 05:12:25 | 000,000,392 | -H-- | M] () -- C:\ProgramData\45801224
[2011.04.23 05:10:39 | 000,115,285 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.23 05:10:39 | 000,115,285 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.23 05:10:35 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45801224.exe
[2011.04.23 05:10:31 | 000,001,104 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.23 05:10:29 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 05:10:29 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 05:04:49 | 000,001,608 | -H-- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.04.23 04:52:09 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~47767304
[2011.04.23 04:52:08 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~47767304r
[2011.04.23 04:50:28 | 000,000,392 | -H-- | M] () -- C:\ProgramData\47767304
[2011.04.23 04:48:40 | 000,000,585 | -H-- | M] () -- C:\Users\Peiler\Desktop\Windows Recovery.lnk
[2011.04.23 04:30:44 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\dAmLSTWYyWMb.exe
[2011.04.22 17:02:01 | 000,000,500 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Peiler.job
[2011.04.21 15:22:08 | 000,001,969 | -H-- | M] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[2011.04.19 14:31:49 | 000,000,959 | -H-- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.04.17 22:06:52 | 000,233,212 | -H-- | M] () -- C:\Users\Peiler\Desktop\Auslosung.7z
[2011.04.15 13:43:01 | 000,405,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.14 21:07:33 | 000,123,906 | -H-- | M] () -- C:\Users\Peiler\Desktop\4 etappe.jpg
[2011.04.01 11:44:38 | 015,237,880 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.01 11:44:38 | 003,628,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.01 11:44:38 | 003,466,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.01 11:44:36 | 004,877,830 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.01 11:44:36 | 000,005,818 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.01 08:49:47 | 000,000,687 | -H-- | M] () -- C:\Windows\wininit.ini
[2011.03.31 22:38:25 | 000,276,082 | -H-- | M] () -- C:\Users\Peiler\Documents\cc_20110331_223809.reg
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.23 13:57:52 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2011.04.23 13:41:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 05:13:37 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~45801224r
[2011.04.23 05:13:37 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~45801224
[2011.04.23 05:10:36 | 000,000,392 | -H-- | C] () -- C:\ProgramData\45801224
[2011.04.23 05:10:35 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45801224.exe
[2011.04.23 05:04:49 | 000,001,608 | -H-- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.04.23 04:52:08 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~47767304r
[2011.04.23 04:52:08 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~47767304
[2011.04.23 04:48:40 | 000,000,585 | -H-- | C] () -- C:\Users\Peiler\Desktop\Windows Recovery.lnk
[2011.04.23 04:48:06 | 000,000,392 | -H-- | C] () -- C:\ProgramData\47767304
[2011.04.21 15:22:08 | 000,001,969 | -H-- | C] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[2011.04.17 22:06:51 | 000,233,212 | -H-- | C] () -- C:\Users\Peiler\Desktop\Auslosung.7z
[2011.04.14 22:07:07 | 000,123,906 | -H-- | C] () -- C:\Users\Peiler\Desktop\4 etappe.jpg
[2011.04.01 00:14:56 | 000,000,687 | -H-- | C] () -- C:\Windows\wininit.ini
[2011.03.31 22:38:13 | 000,276,082 | -H-- | C] () -- C:\Users\Peiler\Documents\cc_20110331_223809.reg
[2011.03.31 22:37:27 | 000,000,772 | -H-- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.16 17:24:14 | 000,000,381 | RH-- | C] () -- C:\Windows\skMCcfg.ini
[2011.02.16 17:24:09 | 000,127,488 | -H-- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.02.16 17:24:09 | 000,069,120 | -H-- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.02.06 00:35:58 | 000,025,381 | -H-- | C] () -- C:\Windows\War3Unin.dat
[2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.11 01:43:44 | 000,000,461 | -H-- | C] () -- C:\Windows\EAGRAPH.INI
[2010.07.13 22:14:51 | 000,000,238 | -H-- | C] () -- C:\Users\Peiler\AppData\Roaming\wklnhst.dat
[2010.07.09 21:04:40 | 000,041,872 | -H-- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.10 20:33:37 | 000,115,285 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010.05.10 20:32:30 | 000,115,285 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.10 19:34:54 | 000,000,680 | -H-- | C] () -- C:\Users\Peiler\AppData\Local\d3d9caps.dat
[2010.02.28 01:21:03 | 000,005,334 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.12 01:09:32 | 003,497,520 | -H-- | C] () -- C:\Program Files (x86)\fifa.db
[2010.01.28 01:21:53 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.11.13 00:29:43 | 000,164,992 | -H-- | C] () -- C:\Windows\SysWow64\drivers\athsgt.sys
[2009.11.13 00:29:42 | 000,012,544 | -H-- | C] () -- C:\Windows\SysWow64\drivers\limsgt.sys
[2009.10.27 23:02:53 | 000,033,792 | -H-- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2009.10.24 16:29:17 | 000,000,204 | -H-- | C] () -- C:\Windows\struct~.ini
[2009.09.22 20:44:00 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2009.08.04 23:53:16 | 000,072,704 | -H-- | C] () -- C:\Users\Peiler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.28 15:01:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\Access.dat
[2009.07.15 23:00:26 | 000,214,592 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.07.15 23:00:25 | 000,075,064 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.07.15 23:00:24 | 000,794,408 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.06.24 17:55:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.24 17:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.06.24 17:54:34 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.05.20 12:07:58 | 000,000,732 | -H-- | C] () -- C:\Users\Peiler\AppData\Local\d3d9caps64.dat
[2009.05.11 22:53:11 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.24 22:23:14 | 000,000,481 | -H-- | C] () -- C:\Windows\eReg.dat
[2009.04.18 19:04:08 | 000,000,090 | -H-- | C] () -- C:\Windows\Irremote.ini
[2009.04.18 17:25:27 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.01.22 09:43:50 | 000,000,209 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.22 09:37:19 | 000,000,566 | -H-- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2009.01.22 08:37:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.19 03:49:26 | 000,001,209 | RH-- | C] () -- C:\Windows\skSPcfg.ini
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.07.23 10:03:32 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
< End of report >
         
--- --- ---


Malwarebytes result

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6424

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

23.04.2011 15:34:48
mbam-log-2011-04-23 (15-34-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 513050
Laufzeit: 1 Stunde(n), 49 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dAmLSTWYyWMb (Trojan.FakeAlert) -> Value: dAmLSTWYyWMb -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Peiler\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\programdata\damlstwyywmb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\ifl launcher\ifl launcher.exe (Trojan.MSIL.ND2) -> Quarantined and deleted successfully.
c:\Users\Peiler\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Peiler\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\Users\Peiler\Desktop\ifl launcher\ifl launcher.exe (Trojan.MSIL.ND2) -> Quarantined and deleted successfully.
c:\Users\Peiler\downloads\launcher.exe (Trojan.MSIL.ND2) -> Quarantined and deleted successfully.
c:\Users\Peiler\downloads\Destkop\ifl launcher\ifl launcher.exe (Trojan.MSIL.ND2) -> Quarantined and deleted successfully.
c:\Users\Peiler\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Peiler\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Peiler\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Alt 25.04.2011, 15:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Are there any other logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (log files) tab.