
Pests of all kinds and how to combat them: Trojan: TR/SPY.KeyLogger.ilw in C:\Windows\SysWOW64\msnuncer-.dll

27.02.2011, 15:03   #1
Hym
 
Hello.
My antivirus program, Avira AntiVir Premium, has detected a Trojan (see title), but it cannot be deleted.
By now my browser only partly works, and everything hangs or does not work at all.
In addition, transparent folders that were not there before are now shown in every directory.

I am not very familiar with technical terms, so please explain to me exactly what I have to do. I hope someone can help me.

Here is the OTL system scan:

OTL Logfile:
Code:
OTL Extras logfile created on: 27.02.2011 15:43:36 - Run 1
OTL by OldTimer - Version 3.2.22.1     Folder = C:\Users\Benutzer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 89,95 Gb Free Space | 61,41% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 151,47 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 40,52 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1397,26 Gb Total Space | 1173,63 Gb Free Space | 84,00% Space Free | Partition Type: NTFS
 
Computer Name: BENUTZER-PC | User Name: Benutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\System32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09817EF7-0D6E-48EC-BDE6-79C9A84C3934}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0BA58DDE-9DF5-42AB-9DA0-06AE5ED31732}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E0EB0E6-BC6E-43BA-A1A6-346466B6D90A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1218F423-1D7E-43DE-8BB3-8C4E6CCD2BE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{211D7311-E75E-4730-812F-34F53ED4C51E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29F63622-B367-4E6A-8CED-B67800DD2A13}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2A12DE21-C177-43F7-8B98-6C24002A29A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34400FBE-BD0F-4043-8BCF-DF1FF648FEF6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3465EFFF-E940-42C1-9161-6814D1CDBF31}" = lport=139 | protocol=6 | dir=in | app=system | 
"{37306204-4B85-47A3-A1A7-726DD61461BA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{411A84BA-3267-4EED-8864-8C3077EE91B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{44FBFDCC-B704-4C3F-B103-EAA6D4AA2688}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4E27531C-F855-441B-AE40-04662F2E6BCE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{502526BE-CCDA-4304-A129-6ED5A16053B1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{562B02A4-A11D-4A66-A868-8ABD8E206632}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A1693F2-B011-4747-AFE8-81BA9F03A551}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5FB2093F-2367-45B6-A8FE-0C7EF4C5E69C}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{62EA500B-81A4-4434-9623-874B4D3FB320}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6612A3F4-DAE8-4A54-AC19-0B21E0FA8EA1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73F14671-D894-4814-A1E1-44727B3E1A82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74337684-B585-4A87-A9D0-D30A2BFCC3F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{75128587-C93A-4ADB-A896-588CD3608F77}" = lport=445 | protocol=6 | dir=in | app=system | 
"{76A983F8-C5D2-47A8-A2F8-622136AC668C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{79A4F8D6-6A24-4619-AB75-BF7962B033A2}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{7C22A4B6-F135-4C90-84DA-736CD5355485}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8FBECC07-D23A-43A5-A390-D8C3AC97CAE9}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{9D398671-D029-41C9-BFBC-55E73CA75341}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C61D8336-7A62-4C56-9C53-AA347DB832D1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CEC95A5C-4654-4E6F-B189-9EC86DDE7AD7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FFFF6DFF-8F5B-4942-8273-D9EB2304FA48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0163DAF9-7701-4F83-BB62-187DC25C1D45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{04043FD1-29B5-404E-8A10-8BAC8FA4A803}" = protocol=17 | dir=in | app=f:\neuer ordner\steam.exe | 
"{081B70BC-FC2C-4D5B-9022-8541039ACE6C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{10EECB66-52D7-4EBC-89BA-687319AC3261}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1241E280-FB09-4109-A0D6-855680164AA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12A3013E-BE2B-4555-B8F1-0D1F60B32B97}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{14AB3ED6-C7BD-4E55-8CA2-5D7D3F646AA9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{1A31DB63-00CC-4017-96EB-E79E1A814DA4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1BAE7A6D-4118-4524-A609-91812FE8FE56}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\fuel\fuel.exe | 
"{1FFCC2D6-2FF6-4AF4-9B78-39DA0369A3B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{21E06553-A2C1-4DD3-8020-ED25D3B674B6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{27BFB9D1-D5DF-4D33-B1FD-2F9893A93257}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{2EAB12FB-7A85-41B9-A57E-B124B0A3F24E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3150B6A7-7D16-4980-8211-DBAD69794DAE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{341B2A56-ECFF-4E06-A466-A0282F94F39D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{352E9E15-5D89-420F-ADF5-66DA6AA11CA8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{36FEF3AD-9188-4909-A441-B27C8759F11B}" = protocol=6 | dir=out | app=system | 
"{3D33DC34-4059-4127-9846-5FA1AADF33C9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41611A5F-8E0E-40E7-8D7B-6DA738D41363}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{424716FE-DA9F-4C87-9D0E-9E46CBE0659F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{43466330-645C-4828-804B-1DA24847C393}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{467FD43D-B0DC-4175-A8B9-D558225BB3DF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{49A171EB-1376-4D90-838A-F1DD14C7D36B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{49D783D4-2352-4428-8767-194A63C0CA93}" = protocol=17 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe | 
"{4BB77A1B-5889-4968-8B2A-24F65364E77F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4C023332-C308-4844-B001-9157AFEFFF59}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{4C6CE3EC-C005-461D-A0D9-28CB0DFB0129}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{4CD1FB35-36D6-4A30-8BB5-0087B4DBEB55}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{4EFDEFAC-6AD1-4B09-B609-2CC9B2BB4809}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4EFEFAD3-D981-4D35-9B9A-28F0877BE347}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{4F95D39B-306F-4469-BD01-94D170103F32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57C69EF5-A4D4-471D-8092-052B04523760}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{5A18A786-AE33-4585-AE1D-3ED8B5817907}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5D6D341A-46F3-4F02-8F9D-1A6B950A9979}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"{60380831-4AC6-462E-9B35-593A3EF7FFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{62745B29-2145-4F5F-BBE5-9D39757A3871}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{642643DF-3A50-49D0-9749-0E249FE9A178}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6E0F8E1D-43D9-4818-B4CC-B5BF879E3464}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6EB32C88-5231-428E-B490-814F7E0CAA30}" = protocol=6 | dir=in | app=c:\program files (x86)\thehunter\game\thehunter.exe | 
"{7635FDE6-324B-409F-954C-2BCBE20FD45A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{79670B12-3CE1-4F4E-BFC3-9A2FBCD5229F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E2ED504-9FC4-4F7F-807A-8403307B1D92}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F05C9FB-793B-4C9B-B8F5-451623386FA3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{7FAB3C62-A716-4D32-BFB1-B7BA0EDF82A4}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{829B80BA-F3AE-45F8-A4C7-2E0573205718}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{844C864F-7463-4FAC-9825-E7E905571295}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"{858D81A0-A45C-474C-983F-4D087C57DAB5}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{8A937CEE-0B36-406D-9023-8B76F85F1B12}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9516543E-C95D-43FD-8A5B-11E14D9CAAE1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{A4B4F9E6-CCFA-4A37-92BC-45932CD7C93F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{A6634B2A-6B24-4E9B-A947-F1CFABB00E24}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{A740A160-E073-4D08-AA40-F6BD4E16A88E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{ACF890CF-ACA2-4592-9891-742569AB6B69}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{AF1866E4-3DC7-48B8-8853-9D6F20AE6B5B}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\fuel\fuel.exe | 
"{B12E8040-FFCE-4003-9AC4-7EF6622675DA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"{B21DFD37-AEBB-4BAE-9A5E-4580FD29303B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{B961C6A4-9BDB-4C26-BCDA-ED0902F66EE7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BE74FE3B-4C38-4619-A413-2F7769018000}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{BFED424A-07EE-4ED8-9E43-6DA4B1698040}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0C14042-DC62-4976-B9F3-AA51D1502B11}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | 
"{C1C4B0AD-4785-46C5-9F7C-ECC5C2EE47E7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{C30B4BA4-AF0F-4FE9-84D5-B0AFEB8BF1E9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C339A40B-83A0-4589-9413-1E108CF6AA08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C6727543-FDC4-460A-BE7C-7EFF8F6B1422}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C9383138-D4F8-491F-BCB0-F8B874740409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBD73201-D8F1-4A6E-99A6-D4BB8B6900B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1654377-319A-46CF-89D6-AD16DEB25E35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D7A9F894-3EDB-4F0E-A135-DFEA70EFFA2B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{DB6CA7D3-7C4B-42DC-9F6C-236D6C50B4B1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{DBDA0705-D2BF-4E68-97AA-37D6A5DCA5D0}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{DC698DCE-6499-425F-B7EF-BD17ECC9747B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{DDACD7A3-1FE5-450A-887A-51DDF2FAE707}" = protocol=6 | dir=in | app=c:\program files (x86)\thehunter\launcher\launcher.exe | 
"{DFA1F5AC-8919-4B64-A0E7-634AF856BB78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E45A54A6-3B58-4CE8-94B6-74D6DE38401C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{E6BD455B-9D77-40FB-B2A4-8F427A309088}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E7ACD368-C049-4023-81CD-FCBE6F61E818}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E876EF04-2B0D-41ED-953F-FBD187B3E274}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{ECB8DC03-97E4-4CBD-B719-218ECC68B20B}" = protocol=6 | dir=in | app=f:\neuer ordner\steam.exe | 
"{ECC3043F-EDAB-4910-B9A9-1FF56E772BDC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{ED978BC5-6016-48E8-A9E6-5B8770CB65C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9CB5554-AA08-4EC2-85BC-9A5BCAB77535}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FC75CDFB-5CC1-4A47-ABEF-12571169EEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\thehunter\game\thehunter.exe | 
"TCP Query User{041FD7E3-DF66-4F6C-B961-595F5C77E42E}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{05ABFE7B-371C-46DA-8184-934A2F8B9339}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"TCP Query User{0F58B655-1892-4C8E-95C6-5FF1CCB17A28}D:\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\counter-strike source\hl2.exe | 
"TCP Query User{1272D1A2-66D5-4F02-B66A-D73EAC593799}C:\users\benutzer\appdata\local\temp\rarsfx6\hl.exe" = protocol=6 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx6\hl.exe | 
"TCP Query User{1336A850-46CA-4860-8EBF-A8BBECAB9B43}F:\test.exe" = protocol=6 | dir=in | app=f:\test.exe | 
"TCP Query User{1D24C807-5689-47BE-A2B1-7661428FB5B9}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{1F7CAA90-3F5B-4369-BFA9-721984CBC45B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{22C3C650-4ABD-480A-AB98-6522E9BF530B}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe | 
"TCP Query User{2498A8B9-6F90-4213-8F31-52F611F48186}C:\users\benutzer\appdata\local\temp\rarsfx2\hl.exe" = protocol=6 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx2\hl.exe | 
"TCP Query User{28292937-5C2F-4E2A-965D-587B90E90B5E}D:\teeworlds\train1.1_srv.exe" = protocol=6 | dir=in | app=d:\teeworlds\train1.1_srv.exe | 
"TCP Query User{34D1B258-D9EB-4077-AC9B-53FE9440F113}D:\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=d:\teeworlds\teeworlds_srv.exe | 
"TCP Query User{3F7EBF1F-3651-4FD1-9B8D-80DB7B5A48CA}D:\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\counter-strike source\hl2.exe | 
"TCP Query User{4252D51A-FFAA-4418-B9F2-7FC118FDB01E}C:\users\benutzer\desktop\neuer ordner\tee-strike-0.1.0-win32\tee-strike_srv.exe" = protocol=6 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\tee-strike-0.1.0-win32\tee-strike_srv.exe | 
"TCP Query User{43156536-4FBA-46BE-B058-50C4C6DB86C5}C:\program files (x86)\warsow 0.5\warsow_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warsow 0.5\warsow_x64.exe | 
"TCP Query User{4CAC4678-BC9B-4B9B-BA92-494BD87BB7CB}C:\program files (x86)\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{5348DA90-E09C-4A62-94DF-EC98458605B4}F:\programme\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\programme\counter-strike source\hl2.exe | 
"TCP Query User{5531C407-1215-438B-8A65-DEE81D8752E1}H:\niklas\downloadspiele für pc\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=h:\niklas\downloadspiele für pc\wow-dede-installer-downloader.exe | 
"TCP Query User{59F18E3C-D043-4E01-B085-860B42767E2B}C:\users\benutzer\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx0\hl.exe | 
"TCP Query User{5D969D3C-A747-4DBE-89C6-B6F2E266B3F8}D:\teeworlds\teeworlds_srv_instagib.exe" = protocol=6 | dir=in | app=d:\teeworlds\teeworlds_srv_instagib.exe | 
"TCP Query User{6B0CEC5E-1C71-48C5-A8F7-DD1C3D8D5883}C:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe | 
"TCP Query User{6B900DD2-7F13-45F7-9910-608FE977510A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{6F5CFDEC-1A95-472D-8F2A-477D9667CF4D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{71266125-C5D3-4E84-AA58-3746A901CD04}C:\program files (x86)\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision value\world series of poker toc\wsoptoc.exe | 
"TCP Query User{73D08CEB-E11E-4EC9-A69C-78C3815916CD}F:\programme\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=f:\programme\teeworlds\teeworlds_srv.exe | 
"TCP Query User{75444AA7-9D27-4192-8EEC-B6A1EB3E6056}C:\users\benutzer\appdata\local\temp\rarsfx3\hl.exe" = protocol=6 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx3\hl.exe | 
"TCP Query User{7C3C41B5-3404-4B6F-98C7-14B79D507BBA}C:\program files (x86)\pinnacle\videospin\programs\videospin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"TCP Query User{7D0BF9EF-17BD-4EBF-828B-53442DC0247E}C:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe | 
"TCP Query User{839FCBE3-E754-43EC-B166-1E7E5782A568}F:\programme\teeworlds\teeworlds_srv_instagib.exe" = protocol=6 | dir=in | app=f:\programme\teeworlds\teeworlds_srv_instagib.exe | 
"TCP Query User{846FA16E-6001-4D6F-BCF4-6BE823F1091F}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{8A77E830-6191-4602-BD81-71715FBC500E}C:\users\benutzer\desktop\neuer ordner\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"TCP Query User{8F21FAD0-1A97-4886-96E0-97DBF4778E2C}D:\teeworlds\teeworlds_srv_instagib.exe" = protocol=6 | dir=in | app=d:\teeworlds\teeworlds_srv_instagib.exe | 
"TCP Query User{A3CA5ADA-7BAE-4C41-8EE0-1938EC3463E6}F:\programme\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\programme\counter-strike source\hl2.exe | 
"TCP Query User{AB1D4C76-BB53-4596-BF27-D33BD7835CC2}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{AF393E5B-334C-48EF-8099-51E23D93B5CE}D:\teeworlds\teeworlds_srv_race.exe" = protocol=6 | dir=in | app=d:\teeworlds\teeworlds_srv_race.exe | 
"TCP Query User{BC342D00-AB98-46BD-840B-8B24FCF0026D}F:\[ego] counter strike source\hl2.exe" = protocol=6 | dir=in | app=f:\[ego] counter strike source\hl2.exe | 
"TCP Query User{BC916C1B-7541-43A0-9971-05ED74E2B367}C:\users\benutzer\desktop\neuer ordner\teeworlds\teeworlds_srv_instagib.exe" = protocol=6 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\teeworlds\teeworlds_srv_instagib.exe | 
"TCP Query User{BD6ABB4D-4874-422A-B4B7-14B1190FD5A4}C:\users\benutzer\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\benutzer\program files (x86)\dna\btdna.exe | 
"TCP Query User{BF98FB48-AA57-486E-8E74-02916C3BF4A9}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"TCP Query User{C258F9AB-F8B0-42C2-AF08-B9025FAB3474}C:\users\benutzer\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\benutzer\program files (x86)\dna\btdna.exe | 
"TCP Query User{C4E0A3D9-0FFF-4A7F-B2C9-0DD5D317CC90}C:\users\benutzer\appdata\local\temp\rarsfx4\hl.exe" = protocol=6 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx4\hl.exe | 
"TCP Query User{C5ECFCB8-DA13-404B-A8FF-82B6F1856945}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{CD9ADCB3-D1DD-4330-B742-0DFAEBFD7B4D}D:\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=d:\teeworlds\teeworlds_srv.exe | 
"TCP Query User{D0D3FFE5-7710-494B-8B54-5462FD56729B}C:\users\benutzer\appdata\local\temp\rarsfx5\hl.exe" = protocol=6 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx5\hl.exe | 
"TCP Query User{D0D9A69E-E236-4A4E-BDE5-15CF170FF600}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{EC0C30BE-F920-472F-8BA3-92714E43EEBD}C:\users\benutzer\appdata\local\temp\rarsfx1\hl.exe" = protocol=6 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx1\hl.exe | 
"TCP Query User{EE90D081-5276-4DF6-81F0-8D375C1BA239}D:\teeworlds\teeworlds_srv_race.exe" = protocol=6 | dir=in | app=d:\teeworlds\teeworlds_srv_race.exe | 
"TCP Query User{FD1EA2C0-4257-436D-B1AD-4054BC0C2B9E}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"UDP Query User{00AF95E5-27BC-4DD2-A112-3CD8EAFCEB3D}F:\programme\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\programme\counter-strike source\hl2.exe | 
"UDP Query User{0B8B2CFC-B1E5-4897-8599-C47C5698C5B5}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{0C639ECA-E09C-48DA-BA44-41255F41D277}C:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe | 
"UDP Query User{1058370B-A31F-47CC-9B4F-34C53E9DAF65}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{1A4908C8-301B-4944-9DF5-4D95BA3B862C}C:\program files (x86)\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{1E64FCE3-A9DB-477A-B1CF-518A9A600C0A}C:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\spiele\counter-strike source\hl2.exe | 
"UDP Query User{2165152E-A26F-4683-9C1B-E0CC021201E4}C:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"UDP Query User{241F8F9D-B972-4948-A0F2-2F5A4C8F30CF}C:\program files (x86)\warsow 0.5\warsow_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warsow 0.5\warsow_x64.exe | 
"UDP Query User{2AF1F24D-9740-4F29-8CB8-AFC7B1B34309}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{2C9EE115-9744-48EA-B758-91BC490A9440}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{2CB5D3DA-00C5-4CD7-9B3F-2DEE5CB40A1E}C:\users\benutzer\appdata\local\temp\rarsfx5\hl.exe" = protocol=17 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx5\hl.exe | 
"UDP Query User{2F39AB4F-1452-412B-8931-B97690D912C8}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"UDP Query User{2F7D0C7E-42CA-4DD2-A94A-F712A3B22F88}C:\users\benutzer\appdata\local\temp\rarsfx1\hl.exe" = protocol=17 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx1\hl.exe | 
"UDP Query User{39384550-ED57-4480-ABBD-4B33275BE045}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3965558B-44BB-42CC-8440-3E5077DB6FD1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{39D3208C-0CC6-496A-AC8A-8C48F1BCB56F}F:\[ego] counter strike source\hl2.exe" = protocol=17 | dir=in | app=f:\[ego] counter strike source\hl2.exe | 
"UDP Query User{4144B005-6C53-4036-8A10-E27790B5E7EB}C:\users\benutzer\appdata\local\temp\rarsfx4\hl.exe" = protocol=17 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx4\hl.exe | 
"UDP Query User{4520DDDE-706B-4B3B-A27C-7E0AA399E0C5}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe | 
"UDP Query User{464BFC0F-902F-47DA-9D9C-CD012D92A60A}C:\program files (x86)\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision value\world series of poker toc\wsoptoc.exe | 
"UDP Query User{488A15AE-092E-4E57-8D90-70DDB20B11A3}C:\users\benutzer\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\benutzer\program files (x86)\dna\btdna.exe | 
"UDP Query User{4C013C87-5E91-4F60-AEB6-C309B1B93C0D}C:\users\benutzer\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx0\hl.exe | 
"UDP Query User{4F7E57BC-5AF7-4022-AC56-71184CF23046}D:\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\counter-strike source\hl2.exe | 
"UDP Query User{547BCD72-1ACB-4B2A-856E-B8EC4E625B6E}C:\users\benutzer\appdata\local\temp\rarsfx2\hl.exe" = protocol=17 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx2\hl.exe | 
"UDP Query User{67ADA67B-472A-4C33-9748-AB492C122DFB}C:\users\benutzer\desktop\neuer ordner\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"UDP Query User{7060A277-172C-41CE-A2B5-BF781D25902C}C:\users\benutzer\appdata\local\temp\rarsfx6\hl.exe" = protocol=17 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx6\hl.exe | 
"UDP Query User{7161CB82-38F8-4B4B-A665-D4160124B79E}D:\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=d:\teeworlds\teeworlds_srv.exe | 
"UDP Query User{7B1ABFFD-6116-402C-9281-EF8371D499D4}F:\programme\teeworlds\teeworlds_srv_instagib.exe" = protocol=17 | dir=in | app=f:\programme\teeworlds\teeworlds_srv_instagib.exe | 
"UDP Query User{84D4391A-0AC3-4B3F-AB45-31981E66CAF9}C:\users\benutzer\appdata\local\temp\rarsfx3\hl.exe" = protocol=17 | dir=in | app=c:\users\benutzer\appdata\local\temp\rarsfx3\hl.exe | 
"UDP Query User{8B49F068-5A3B-481A-8ECA-5CAD2D8E4957}C:\users\benutzer\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\benutzer\program files (x86)\dna\btdna.exe | 
"UDP Query User{933044F2-5476-40B7-A44F-E13C7124D51F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{97E26CC8-561B-48E6-BCF3-FFFC3744E350}C:\program files (x86)\pinnacle\videospin\programs\videospin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"UDP Query User{A2B0BA38-4650-40D4-9CD5-44D10B79ACC3}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{A618D8A1-B38F-40C3-BBA4-3A354B7827C3}D:\teeworlds\teeworlds_srv_instagib.exe" = protocol=17 | dir=in | app=d:\teeworlds\teeworlds_srv_instagib.exe | 
"UDP Query User{AB0C5320-DC8F-4964-838B-B2BE354F0A06}F:\test.exe" = protocol=17 | dir=in | app=f:\test.exe | 
"UDP Query User{AF5A9AD2-2AEF-44D4-B165-959D4471437A}D:\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=d:\teeworlds\teeworlds_srv.exe | 
"UDP Query User{B037EF6A-A8D8-46BC-8564-35CEB65A8D70}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"UDP Query User{CE452605-34F4-452E-BA07-78C29A2F792C}D:\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\counter-strike source\hl2.exe | 
"UDP Query User{D38251C2-FCD2-4004-A372-EDD57FFC49DF}F:\programme\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\programme\counter-strike source\hl2.exe | 
"UDP Query User{D3F86285-E186-4C12-8496-F3A8140891ED}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{E0349AEB-F144-4B08-88A3-7775E920A351}D:\teeworlds\teeworlds_srv_race.exe" = protocol=17 | dir=in | app=d:\teeworlds\teeworlds_srv_race.exe | 
"UDP Query User{E380FA19-B8B3-42E2-B087-45565B860038}H:\niklas\downloadspiele für pc\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=h:\niklas\downloadspiele für pc\wow-dede-installer-downloader.exe | 
"UDP Query User{EAF7A102-F16E-4E34-A2E6-B5E4B50237F7}D:\teeworlds\teeworlds_srv_instagib.exe" = protocol=17 | dir=in | app=d:\teeworlds\teeworlds_srv_instagib.exe | 
"UDP Query User{ECBDD837-A6AA-4174-B287-9BF47282A74D}F:\programme\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=f:\programme\teeworlds\teeworlds_srv.exe | 
"UDP Query User{EEF735D6-C95C-48B9-8D41-228FDF20D227}C:\users\benutzer\desktop\neuer ordner\teeworlds\teeworlds_srv_instagib.exe" = protocol=17 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\teeworlds\teeworlds_srv_instagib.exe | 
"UDP Query User{F1A7EE6E-77EB-45BB-A1A9-EEE74BEF77E4}C:\users\benutzer\desktop\neuer ordner\tee-strike-0.1.0-win32\tee-strike_srv.exe" = protocol=17 | dir=in | app=c:\users\benutzer\desktop\neuer ordner\tee-strike-0.1.0-win32\tee-strike_srv.exe | 
"UDP Query User{F1E90FDB-714D-4CF7-8CD6-8872BA3E6860}D:\teeworlds\teeworlds_srv_race.exe" = protocol=17 | dir=in | app=d:\teeworlds\teeworlds_srv_race.exe | 
"UDP Query User{FF2AC194-F017-477A-8EFB-6C76838A9787}D:\teeworlds\train1.1_srv.exe" = protocol=17 | dir=in | app=d:\teeworlds\train1.1_srv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC599}" = Paint.NET v3.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C0DA51-DB32-4F66-970B-7298F3CAF37F}" = Nokia Software Updater
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}" = Attune 2.3.2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{DA18FD01-4830-45D6-8408-8F20A9D89D95}" = PC Connectivity Solution
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Premium
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar
"BejE9zsrv_is1" = All In One
"Blue Byte Game Channel" = Blue Byte Game Channel
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Finale NotePad 2004" = Finale NotePad 2004
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FontCreator6_is1" = High-Logic FontCreator 6.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free YouTube Download_is1" = Free YouTube Download version 2.10.30
"Free_Lunch_Design Toolbar" = Free_Lunch_Design Toolbar
"ICQToolbar" = ICQ Toolbar
"Inkscape" = Inkscape 0.47
"Just Cause 2_is1" = Just Cause 2
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.1.1.29 (D)
"MAGIX Music Cleaning Lab 2007 deluxe D" = MAGIX Music Cleaning Lab 2007 deluxe 8.0.1.0 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.29 (D)
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manhunt 2" = Manhunt 2
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Notepad++" = Notepad++
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"PunkBusterSvc" = PunkBuster Services
"S4Uninst" = Die Siedler IV
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SPYWAREfighter" = SPYWAREfighter
"ST6UNST #1" = BEWERBUNGS-MASTER
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TheLastRipper" = TheLastRipper 1.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinGTK-2_is1" = GTK+ 2.4.3 runtime environment
"WinRAR archiver" = WinRAR
"www.Freeware-download.com Toolbar" = www.Freeware-download.com Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CreepSmash.com" = CreepSmash.com
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.02.2011 08:54:42 | Computer Name = Benutzer-PC | Source = Application Hang | ID = 1002
Description = Programm avwebloader.exe, Version 1.1.8.3 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 9b4  Anfangszeit: 01cbd6759619eb64  Zeitpunkt der
 Beendigung: 17
 
Error - 27.02.2011 08:59:19 | Computer Name = Benutzer-PC | Source = Application Hang | ID = 1002
Description = Programm Load.exe, Version 3.3.6.1 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: fec  Anfangszeit: 01cbd67d933c0631  Zeitpunkt der Beendigung:
 11
 
Error - 27.02.2011 09:49:03 | Computer Name = Benutzer-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.0.0.156 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1390  Anfangszeit: 01cbd6845de43132  Zeitpunkt der Beendigung:
 63
 
Error - 27.02.2011 10:19:08 | Computer Name = Benutzer-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 9.0.0.20 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 488  Anfangszeit: 01cbd689077f840e  Zeitpunkt der Beendigung:
 11
 
Error - 27.02.2011 10:25:02 | Computer Name = Benutzer-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Benutzer\Downloads\SoftonicDownloader_fuer_a-squared.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest.
 
Error - 27.02.2011 10:30:29 | Computer Name = Benutzer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.02.2011 10:30:29 | Computer Name = Benutzer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.02.2011 10:34:39 | Computer Name = Benutzer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.02.2011 10:34:41 | Computer Name = Benutzer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.02.2011 10:35:03 | Computer Name = Benutzer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 27.02.2011 10:28:54 | Computer Name = Benutzer-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 27.02.2011 10:29:39 | Computer Name = Benutzer-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 27.02.2011 10:31:10 | Computer Name = Benutzer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.02.2011 10:31:10 | Computer Name = Benutzer-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.02.2011 10:32:59 | Computer Name = Benutzer-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = 
 
Error - 27.02.2011 10:33:22 | Computer Name = Benutzer-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.02.2011 um 15:32:11 unerwartet heruntergefahren.
 
Error - 27.02.2011 10:33:25 | Computer Name = Benutzer-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 27.02.2011 10:34:55 | Computer Name = Benutzer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.02.2011 10:34:55 | Computer Name = Benutzer-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.02.2011 10:36:00 | Computer Name = Benutzer-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 27.02.2011 15:43:36 - Run 1
OTL by OldTimer - Version 3.2.22.1     Folder = C:\Users\Benutzer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 89,95 Gb Free Space | 61,41% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 151,47 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive E: | 40,52 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1397,26 Gb Total Space | 1173,63 Gb Free Space | 84,00% Space Free | Partition Type: NTFS
 
Computer Name: BENUTZER-PC | User Name: Benutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benutzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe (Ginger Software)
PRC - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe (Preventon Technologies Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - c:\Windows\SysWOW64\meofvttnlvr.exe (Helper)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files (x86)\Uevljjdblztlvmca\meofvttnlv.exe (Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Benutzer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Suite Service) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (AV Engine Scanning Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (AV Watch Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (tuajxvjaxcahyu) -- c:\Windows\SysWOW64\meofvttnlvr.exe (Helper)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (AVFSFilter) -- C:\Windows\SysNative\DRIVERS\avfsfilter.sys ()
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys ()
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (LVUVC64) Logitech Webcam 500(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys ()
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys ()
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=16508
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "www.Freeware-download.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home?AF=16508"
FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {d95e614b-c28e-43af-a326-ca590e18abd6}:1.5
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: gb@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.2.0
FF - prefs.js..extensions.enabledItems: {26647ca4-a2a7-4eac-8a72-761aa9141de7}:3.2.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.17 17:27:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.17 17:27:10 | 000,000,000 | ---D | M]
 
[2010.03.14 11:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions
[2009.05.14 18:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\extensions
[2009.05.14 18:04:03 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.02.27 10:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions
[2010.05.26 17:23:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.22 15:52:27 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2010.11.25 19:11:19 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2010.11.25 19:11:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.24 21:18:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.25 21:46:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.25 19:11:20 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.24 15:36:55 | 000,000,000 | ---D | M] (APNG Edit) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{d95e614b-c28e-43af-a326-ca590e18abd6}
[2010.06.10 18:47:30 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.09.25 15:40:25 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\battlefieldheroespatcher@ea.com
[2011.01.22 15:52:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\engine@conduit.com
[2011.02.26 16:39:29 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\ffxtlbr@babylon.com
[2010.09.30 15:54:47 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\h45jdrwj.default\extensions\gb@toolbar
[2010.10.24 21:56:34 | 000,000,953 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\h45jdrwj.default\searchplugins\conduit.xml
[2010.09.30 15:55:05 | 000,001,571 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\h45jdrwj.default\searchplugins\web-search.xml
[2011.02.26 16:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.20 16:12:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.18 19:16:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.26 16:40:18 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@babylontc.com
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.17 13:52:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.02.26 16:39:23 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2010.09.17 13:52:01 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.17 13:52:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.17 13:52:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.17 13:52:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} -  File not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} -  File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files (x86)\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (www.Freeware-download.com Toolbar) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files (x86)\Free_Lunch_Design\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AttuneClientEngine] C:\Program Files (x86)\Aveo\Attune\bin\attune_ce.exe (Aveo Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BrMfcWnd]  File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKCU..\Run: [Steam]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Benutzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Benutzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.06 13:52:34 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{16892e29-40a6-11de-a52c-001966b1e7f7}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{16892e29-40a6-11de-a52c-001966b1e7f7}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{16892e29-40a6-11de-a52c-001966b1e7f7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
O33 - MountPoints2\{238ee943-2d99-11df-b617-001966b1e7f7}\Shell\Autoplay\command - "" = G:\usb_auto.exe
O33 - MountPoints2\{238ee943-2d99-11df-b617-001966b1e7f7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\usb_auto.exe
O33 - MountPoints2\{238ee943-2d99-11df-b617-001966b1e7f7}\Shell\explore\Command - "" = G:\usb_auto.exe
O33 - MountPoints2\{238ee943-2d99-11df-b617-001966b1e7f7}\Shell\Open\Command - "" = G:\usb_auto.exe
O33 - MountPoints2\{57e1b559-d922-11de-b253-001966b1e7f7}\Shell - "" = AutoRun
O33 - MountPoints2\{57e1b559-d922-11de-b253-001966b1e7f7}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{5d427165-0d44-11e0-893c-001966b1e7f7}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{5f7f6a6d-4dc1-11de-9de2-001966b1e7f7}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{5f7f6a6d-4dc1-11de-9de2-001966b1e7f7}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{5f7f6a6d-4dc1-11de-9de2-001966b1e7f7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
O33 - MountPoints2\{75382a7a-0796-11e0-850c-001966b1e7f7}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{75382a7a-0796-11e0-850c-001966b1e7f7}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe
O33 - MountPoints2\{75382a7a-0796-11e0-850c-001966b1e7f7}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
O33 - MountPoints2\{f1be567a-3eca-11de-b89c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f1be567a-3eca-11de-b89c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2009.10.07 16:59:08 | 004,061,014 | R--- | M] (MatchWare A/S)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.27 15:20:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
[2011.02.27 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Malwarebytes
[2011.02.27 14:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.27 14:17:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.02.27 14:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.27 14:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.02.27 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Desktop\MFTools
[2011.02.27 10:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.02.27 10:26:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\SysWow64\drivers\ssmdrv.sys
[2011.02.27 10:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.02.27 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.02.26 16:40:34 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\Babylon
[2011.02.26 16:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2011.02.26 16:40:11 | 000,000,000 | ---D | C] -- C:\Programme\Babylon
[2011.02.26 16:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
[2011.02.26 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2011.02.26 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Babylon
[2011.02.26 16:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.02.26 16:33:50 | 067,563,112 | ---- | C] (Emsi Software GmbH                                          ) -- C:\Users\Benutzer\Desktop\a2FreeSetup22.exe
[2011.02.25 20:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.02.25 20:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2011.02.25 20:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2011.02.25 20:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2011.02.25 20:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2011.02.25 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011.02.25 20:12:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}
[2011.02.25 20:05:06 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Fighters
[2011.02.25 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\PackageAware
[2011.02.24 10:26:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011.02.24 10:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011.02.24 10:24:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2011.02.24 10:24:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2011.02.24 10:24:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2011.02.24 10:24:07 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2011.02.24 10:23:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2011.02.24 10:23:58 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2011.02.24 10:23:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2011.02.24 10:23:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2011.02.24 10:23:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2011.02.24 10:23:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2011.02.24 10:23:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2011.02.24 10:23:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2011.02.24 10:23:48 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2011.02.24 10:23:48 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2011.02.24 10:23:48 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2011.02.24 10:23:48 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2011.02.10 20:47:21 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.10 20:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.10 20:47:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.02.10 20:47:03 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.02.10 20:47:02 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.10 20:47:02 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.10 20:47:02 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.10 20:47:02 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.10 20:47:02 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.02.10 20:47:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011.02.04 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\.minecraft
[2011.02.04 17:07:29 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Documents\Square Enix
[2011.02.01 19:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX - Eidos Interactive
[2011.02.01 17:06:01 | 000,000,000 | R--D | C] -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.01.31 16:25:53 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.01.31 16:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.27 15:36:33 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7E0D54C3-7787-4E8C-9A44-382EEE25EE3A}.job
[2011.02.27 15:33:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.27 15:33:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.27 15:33:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.27 15:33:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.02.27 15:20:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
[2011.02.27 14:17:24 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.27 11:33:30 | 000,004,289 | ---- | M] () -- C:\Users\Benutzer\.recently-used.xbel
[2011.02.27 10:41:06 | 000,074,880 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.02.27 10:26:57 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.02.26 16:40:18 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.02.26 16:38:24 | 067,563,112 | ---- | M] (Emsi Software GmbH                                          ) -- C:\Users\Benutzer\Desktop\a2FreeSetup22.exe
[2011.02.25 23:38:08 | 000,181,248 | ---- | M] () -- C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.25 20:22:25 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.02.24 10:18:31 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7030.DAT
[2011.02.15 22:51:09 | 000,002,440 | ---- | M] () -- C:\Users\Benutzer\Desktop\OpenDocument Text (neu).odt
[2011.02.15 00:26:39 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.15 00:26:39 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.15 00:26:39 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.15 00:26:39 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.15 00:26:39 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.12 13:23:01 | 003,093,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.31 16:25:53 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.01.31 16:23:42 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.31 16:23:34 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.31 16:23:34 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.29 20:25:44 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.27 14:17:24 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.27 14:14:37 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.02.27 11:33:30 | 000,004,289 | ---- | C] () -- C:\Users\Benutzer\.recently-used.xbel
[2011.02.27 10:26:57 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.02.27 10:26:37 | 000,074,880 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.02.26 16:39:21 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.02.25 20:22:25 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.02.24 10:24:24 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\winrsmgr.dll
[2011.02.24 10:24:21 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\wsmplpxy.dll
[2011.02.24 10:24:21 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\winrssrv.dll
[2011.02.24 10:24:07 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\pwrshplugin.dll
[2011.02.24 10:24:05 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\winrs.exe
[2011.02.24 10:24:05 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\winrshost.exe
[2011.02.24 10:24:05 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\wsmprovhost.exe
[2011.02.24 10:23:58 | 000,232,960 | ---- | C] () -- C:\Windows\SysNative\wecsvc.dll
[2011.02.24 10:23:58 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wevtfwd.dll
[2011.02.24 10:23:58 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wecutil.exe
[2011.02.24 10:23:58 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\wecapi.dll
[2011.02.24 10:23:58 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\WsmRes.dll
[2011.02.24 10:23:52 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011.02.24 10:23:52 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011.02.24 10:23:52 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011.02.24 10:23:52 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011.02.24 10:23:52 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011.02.24 10:23:52 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011.02.24 10:23:49 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\WsmAuto.dll
[2011.02.24 10:23:48 | 002,050,048 | ---- | C] () -- C:\Windows\SysNative\WsmSvc.dll
[2011.02.24 10:23:48 | 000,370,688 | ---- | C] () -- C:\Windows\SysNative\winrscmd.dll
[2011.02.24 10:23:48 | 000,352,768 | ---- | C] () -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2011.02.24 10:23:48 | 000,348,672 | ---- | C] () -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2011.02.24 10:23:48 | 000,310,272 | ---- | C] () -- C:\Windows\SysNative\WsmWmiPl.dll
[2011.02.15 22:51:09 | 000,002,440 | ---- | C] () -- C:\Users\Benutzer\Desktop\OpenDocument Text (neu).odt
[2011.02.11 14:39:19 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2011.02.10 20:47:25 | 002,755,584 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.02.10 20:47:21 | 000,367,104 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.02.10 20:47:21 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.02.10 20:47:15 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2011.02.10 20:47:14 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll
[2011.02.10 20:47:09 | 005,696,512 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.02.10 20:47:04 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.02.10 20:47:04 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.02.10 20:47:03 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.02.10 20:47:03 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.02.10 20:47:03 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.02.10 20:47:03 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.02.10 20:47:03 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.02.10 20:47:03 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011.02.10 20:47:03 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.02.10 20:47:02 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.02.10 20:47:02 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.02.10 20:47:02 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.02.10 20:47:02 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011.02.10 20:47:02 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.02.10 20:47:01 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.02.10 20:47:01 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011.02.10 20:46:55 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.10 20:46:54 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll
[2011.01.31 16:23:34 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.11.28 12:38:47 | 000,000,040 | ---- | C] () -- C:\Windows\RSoftInfo.dat
[2010.11.15 18:01:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.05 09:22:26 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2010.09.25 16:32:09 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.25 16:32:07 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010.09.25 16:32:07 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.22 21:22:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.10 18:51:11 | 000,000,016 | -H-- | C] () -- C:\Users\Benutzer\AppData\Local\mxfilerelatedcache.mxc2
[2010.08.10 18:51:10 | 000,000,016 | -H-- | C] () -- C:\Users\Benutzer\AppData\Roaming\mxfilerelatedcache.mxc2
[2010.08.08 10:15:50 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2010.08.08 10:12:16 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2010.08.07 12:47:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2010.07.28 22:13:08 | 000,002,114 | ---- | C] () -- C:\Windows\tabled32.ini
[2010.05.25 14:14:00 | 000,000,028 | ---- | C] () -- C:\Windows\mscpt.dat
[2010.05.20 13:16:07 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2010.04.23 19:03:21 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2010.04.23 19:03:21 | 000,240,128 | ---- | C] () -- C:\Windows\SysWow64\x.264.exe
[2010.04.23 19:03:21 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2010.04.23 19:03:21 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2010.04.23 19:03:21 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.03.11 15:28:04 | 000,009,857 | ---- | C] () -- C:\Windows\SysWow64\mswunzore.dll
[2009.12.30 19:21:30 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.30 19:21:30 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2009.12.30 19:17:37 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2009.12.30 19:16:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009.11.06 16:26:28 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.11.03 19:21:11 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.10.06 15:36:22 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.10.06 15:36:22 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.11 02:23:46 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\msnuncer-.dll
[2009.06.07 12:47:24 | 000,000,472 | ---- | C] () -- C:\Windows\eReg.dat
[2009.05.25 18:18:42 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.05.21 18:15:11 | 000,181,248 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.14 16:51:21 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\msnuczord.dll
[2009.05.12 09:12:49 | 000,005,131 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.05.12 09:07:40 | 000,000,732 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\d3d9caps64.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.01.26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007.01.26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.02.04 23:13:56 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\.minecraft
[2011.02.26 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Babylon
[2009.11.24 18:56:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DAEMON Tools Lite
[2011.01.25 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.25 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Fighters
[2011.01.02 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\FontCreator
[2011.01.22 23:44:47 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\GetRightToGo
[2010.02.10 12:34:10 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\GHISLER
[2010.08.13 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\gtk-2.0
[2010.10.08 17:44:52 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Guitar Pro 6
[2011.02.27 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\ICQ
[2009.06.12 14:24:44 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Inkscape
[2009.12.26 21:51:57 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Leadertech
[2010.08.07 12:48:17 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\MAGIX
[2010.05.27 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Notepad++
[2009.05.13 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\OpenOffice.org
[2009.05.12 09:53:24 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\PersBackup
[2009.11.01 12:37:01 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\SmartDraw
[2010.04.16 17:06:08 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TeamViewer
[2010.04.12 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Teeworlds
[2010.03.18 19:06:10 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TheLastRipper
[2010.03.02 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Thinstall
[2010.08.23 18:13:09 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TS3Client
[2009.12.22 14:52:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TuneUp Software
[2010.09.07 16:48:39 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Ubisoft
[2009.12.03 18:55:29 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\uTorrent
[2011.01.03 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\VBA-M
[2010.11.28 12:47:41 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Warsow 0.5
[2011.02.27 15:28:10 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.27 15:51:04 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7E0D54C3-7787-4E8C-9A44-382EEE25EE3A}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
--- --- ---


Regards,
Hym

Last edited by Hym (27.02.2011 at 15:10)

27.02.2011, 15:11   #2
markusg
/// Malware-holic

Hi,
what about otl.txt?

27.02.2011, 15:19   #3
Hym

I edited my post again.
The second quote should contain the contents of the otl.txt file.

27.02.2011, 15:25   #4
markusg
/// Malware-holic

Post all Malwarebytes logs.
They can be found in Malwarebytes under "Logdateien" (log files).
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

27.02.2011, 15:30   #5
Hym

Is this what you mean?


27.02.2011, 15:33   #6
markusg
/// Malware-holic

What do I mean?
I want the Malwarebytes logs, or rather their contents, as text.

27.02.2011, 15:57   #7
Hym

As soon as I double-click this log file under "Logdateien" (log files) in Malwarebytes, it opens like this, and unfortunately I can't copy the text there:

But the content in my last post matches the Malwarebytes log file that is displayed when it is opened. I can only give you the information as an image rather than as text, for the reason given above.
Maybe I'm just too stupid.

27.02.2011, 16:04   #8
markusg
/// Malware-holic

Open the Malwarebytes log files, then select the first one and click Open.
Right-click in the editor that opens, select all, then copy, then click Reply here and right-click, paste.

27.02.2011, 16:11   #9
Hym

I already went to the log files and double-clicked the first one.
But as I said, it is not the editor that opens but this OpenOffice text import (see the image in the previous post).
And there is no copy function there.

27.02.2011, 17:11   #10
markusg
/// Malware-holic

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
