29.01.2012, 19:04 | #1 |
W32/PatchLoad.A and other Trojans found

Hello everyone,

after I opened an acquaintance's USB stick without scanning it first, Avira reported detected malware non-stop. Since I could not remove the infected files even after numerous full scans with Avira, and would like to avoid formatting, I am asking for your help.

OTL:
OTL logfile created on: 17.01.2012 18:54:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthias\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,87% Memory free 6,18 Gb Paging File | 5,41 Gb Available in Paging File | 87,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,09 Gb Total Space | 1,13 Gb Free Space | 1,27% Space Free | Partition Type: NTFS Drive D: | 199,00 Gb Total Space | 6,44 Gb Free Space | 3,23% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.17 18:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Downloads\OTL.exe PRC - [2012.01.14 23:01:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) 
-- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011.09.07 11:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.11.12 22:33:04 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\DNA\btdna.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.01 21:42:40 | 001,655,552 | ---- | M] () -- C:\Programme\COMODO\Firewall\cfp.exe PRC - [2008.05.22 15:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\SamSung\Easy Display Manager\dmhkcore.exe PRC - [2008.04.25 19:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 19:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.17 13:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\SamSung\EBM\EasyBatteryMgr3.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.07.05 05:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Programme\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe ========== Modules (No Company Name) ========== MOD - [2012.01.14 23:01:32 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.11.17 11:38:07 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.11.17 10:22:10 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2008.10.01 21:42:42 | 000,143,104 | ---- | M] () -- C:\Windows\System32\guard32.dll MOD - [2008.10.01 21:42:40 | 001,655,552 | ---- | M] () -- C:\Programme\COMODO\Firewall\cfp.exe MOD - [2008.01.21 03:24:02 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2007.08.14 11:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 11:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 11:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2006.08.12 10:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\SamSung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 10:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\SamSung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 10:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\SamSung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Samsung Update Plus) SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - File not found [On_Demand | Stopped] -- -- (ose) SRV - File not found [Auto | Stopped] -- -- (nvsvc) SRV - File not found [Auto | Stopped] -- -- (LightScribeService) SRV - File not found [On_Demand | Stopped] -- -- (iPod Service) SRV - File not found [Auto | Stopped] -- -- (cmdAgent) SRV - File not found [Auto | Stopped] -- -- (Bonjour Service) SRV - File not found [Auto | 
Stopped] -- -- (Application Updater) SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device) SRV - File not found [Auto | Stopped] -- -- (AntiVirService) SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService) SRV - [2010.07.29 17:58:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.01.21 03:23:43 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\System32\RIOUNIV.dll -- (mediamaxxlservice) SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2009.12.07 20:43:14 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.17 09:44:11 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2008.11.17 09:44:11 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27obex.sys -- (SE27obex) DRV - [2008.11.17 09:44:11 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2008.11.17 09:44:11 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] 
-- C:\Windows\System32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2008.10.12 22:55:36 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.10.01 21:42:42 | 000,085,008 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2008.10.01 21:42:42 | 000,073,232 | ---- | M] (COMODO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect) DRV - [2008.10.01 21:42:42 | 000,025,104 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2008.06.09 15:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.04.05 22:56:26 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2007.09.13 23:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.05.16 17:43:14 | 000,871,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\G220Vista.sys -- (athrusb6) DRV - [2006.11.14 07:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2005.09.23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program 
Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.14 23:01:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: 
C:\Program Files\Mozilla Firefox\plugins [2011.11.17 11:34:59 | 000,000,000 | ---D | M] [2008.10.19 13:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions [2011.12.21 09:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\251tenqt.default\extensions [2009.09.25 22:11:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\251tenqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.19 16:37:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\251tenqt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(222) [2012.01.14 23:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.21 09:53:08 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2011.12.21 09:53:18 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2012.01.14 23:01:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.17 11:34:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 09:16:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 09:16:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.03 09:16:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 09:16:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 09:16:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 09:16:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.07.31 12:21:01 | 000,001,295 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_15_Plus_Download-Version\Trayserver.exe (MAGIX AG) O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.) 
O4 - HKCU..\Run: [Power2GoExpress] NA File not found O4 - HKCU..\Run: [vasja] C:\Users\Matthias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MWS9XVV\35b05506dcef3bdff13a2c485c7b26e051fee7a76b9b62eab5b75b19561a107c[1] File not found O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab 
(Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD3918D8-4438-4915-B598-9E132A2B6227}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Matthias\AppData\Local\360727e9\X) -C:\Users\Matthias\AppData\Local\360727e9\X () O24 - Desktop WallPaper: C:\Users\Matthias\Pictures\pi du bist cover.jpg O24 - Desktop BackupWallPaper: C:\Users\Matthias\Pictures\pi du bist cover.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{41e3687f-aaa5-11df-9aec-0013776e8c51}\Shell\AutoRun\command - "" = xrWRew.ExE O33 - MountPoints2\{41e3687f-aaa5-11df-9aec-0013776e8c51}\Shell\oPEN\CommaND - "" = xrwRew.EXE O33 - MountPoints2\{480df03f-9121-11dd-a2cb-0013776e8c51}\Shell - "" = AutoRun O33 - 
MountPoints2\{480df03f-9121-11dd-a2cb-0013776e8c51}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\AutoRun\command - "" = G:\dolly\\bejbe.exe O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\explore\command - "" = G:\dolly\bejbe.exe O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\install\command - "" = G:\dolly\bejbe.exe O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\open\command - "" = G:\dolly\bejbe.exe O33 - MountPoints2\{a0bf23db-d2af-11de-93d6-0013776e8c51}\Shell\1\Command - "" = Recycled.exe O33 - MountPoints2\{a0bf23db-d2af-11de-93d6-0013776e8c51}\Shell\2\Command - "" = Recycled.exe O33 - MountPoints2\{a0bf23db-d2af-11de-93d6-0013776e8c51}\Shell\AutoRun\command - "" = Recycled.exe O33 - MountPoints2\{dcd4daed-9902-11dd-ad2b-0013776e8c51}\Shell - "" = AutoRun O33 - MountPoints2\{dcd4daed-9902-11dd-ad2b-0013776e8c51}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{f58aa37e-ddd7-11de-8900-0013776e8c51}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - 
Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: mediamaxxlservice - C:\Windows\System32\RIOUNIV.dll (Iomega) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.01.08 15:38:47 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\AppData\Local\360727e9 [2011.12.20 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2011.12.20 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2011.12.20 20:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.01.17 18:50:02 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.17 18:49:48 | 000,003,616 | ---- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 18:49:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 18:49:42 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.17 18:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 18:49:34 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 18:48:16 | 000,000,020 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.01.09 14:47:57 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.01.08 15:06:42 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.08 15:06:42 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.08 15:06:42 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.08 15:06:42 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.05 15:20:02 | 000,080,384 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.21 15:26:22 | 000,001,958 | ---- | M] () -- C:\Users\Matthias\Desktop\signatur.jpg
[2011.12.20 21:09:59 | 000,492,135 | ---- | M] () -- C:\Users\Matthias\Desktop\fk internationales.pdf
[2011.12.20 21:08:09 | 000,025,414 | ---- | M] () -- C:\Users\Matthias\Desktop\Praktikum Buch Camp.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.17 18:47:52 | 000,000,020 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.01.14 23:03:45 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.14 23:00:24 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.21 15:26:22 | 000,001,958 | ---- | C] () -- C:\Users\Matthias\Desktop\signatur.jpg
[2011.12.20 21:09:59 | 000,492,135 | ---- | C] () -- C:\Users\Matthias\Desktop\fk internationales.pdf
[2011.12.20 21:08:09 | 000,025,414 | ---- | C] () -- C:\Users\Matthias\Desktop\Praktikum Buch Camp.pdf
[2011.10.12 07:20:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.31 12:23:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.07.31 12:23:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.07.31 12:23:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.07.31 12:23:46 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.07.31 12:23:46 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010.07.31 12:23:46 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010.07.25 11:07:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.07.25 11:07:22 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.01.29 11:21:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.01.14 17:36:21 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.01.14 17:36:21 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009.10.20 22:22:05 | 000,000,096 | ---- | C] () -- C:\Users\Matthias\AppData\Local\fusioncache.dat
[2008.11.15 22:13:32 | 000,000,386 | ---- | C] () -- C:\Windows\psnetwork.ini
[2008.11.15 22:13:32 | 000,000,074 | ---- | C] () -- C:\Windows\powerplayer.ini
[2008.11.15 22:13:32 | 000,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2008.11.12 18:12:04 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.10.03 20:19:44 | 000,080,384 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.02 00:12:34 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.02 00:12:18 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.02 00:06:41 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.10.01 23:55:46 | 000,000,135 | ---- | C] () -- C:\Windows\System32\lngEng.ini
[2008.10.01 23:55:46 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.10.01 23:45:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.01 23:43:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.10.01 23:43:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.10.01 21:42:43 | 000,143,104 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008.10.01 20:40:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.01 20:40:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.01 19:13:29 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.01.21 08:15:58 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.10 07:00:00 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2007.02.26 14:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.30 01:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,326,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll

========== LOP Check ==========

[2010.07.14 00:00:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\2K Sports
[2008.12.07 02:17:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\acccore
[2011.11.06 18:40:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\BitTorrent
[2008.10.12 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools
[2012.01.17 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DNA
[2009.09.22 23:06:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GetRightToGo
[2011.09.01 09:03:42 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010.07.25 11:16:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2010.07.16 21:50:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mirillis
[2008.12.18 18:08:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MyPhoneExplorer
[2011.11.17 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2010.07.16 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Panasonic
[2008.11.15 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ppstream
[2012.01.17 18:48:34 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2008.10.01 19:13:50 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.07.08 15:56:07 | 000,000,000 | ---D | M] -- C:\avs contents
[2008.10.01 19:53:17 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.08.24 23:31:33 | 000,000,000 | ---D | M] -- C:\dell
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.08.06 19:35:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.08.24 23:31:15 | 000,000,000 | ---D | M] -- C:\drivers
[2010.06.25 08:46:54 | 000,000,000 | ---D | M] -- C:\f2bf8f39d17e9fe954370c
[2008.08.24 23:31:55 | 000,000,000 | ---D | M] -- C:\i386
[2008.07.08 15:11:45 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.16 23:11:59 | 000,000,000 | ---D | M] -- C:\MC_TMP
[2008.07.08 15:39:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.07.08 15:26:32 | 000,000,000 | ---D | M] -- C:\MyWorks
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.20 20:52:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.17 11:35:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.08.06 19:35:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.07.08 15:36:25 | 000,000,000 | ---D | M] -- C:\Samsung
[2011.08.18 06:14:49 | 000,000,000 | -H-D | M] -- C:\suifysuidhg
[2012.01.17 18:58:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.10.01 19:13:27 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.08 15:38:03 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: AFD.SYS >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-06 09:19:15

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB60945$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >

Extras:

OTL Extras logfile created on: 17.01.2012 18:54:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthias\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,87% Memory free
6,18 Gb Paging File | 5,41 Gb Available in Paging File | 87,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,09 Gb Total Space | 1,13 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
Drive D: | 199,00 Gb Total Space | 6,44 Gb Free Space | 3,23% Space Free | Partition Type: NTFS

Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D81EB0E-DA43-4438-ACCE-287D7B88C397}" = lport=138 | protocol=17 | dir=in | app=system |
"{3758D63F-BF4D-498B-A165-D60B2F162040}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{405CA29F-E983-4724-A059-AD99F36B4D4B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{411579C5-67CD-454C-AD5D-6F8E380F3482}" = rport=138 | protocol=17 | dir=out | app=system |
"{418E927E-E81C-4203-BA42-2941AE690D02}" = lport=445 | protocol=6 | dir=in | app=system |
"{457392A2-E167-4B9A-B4AE-96B0CA1824F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{96992E1D-C323-4BAB-99C2-82E8D839C6CE}" = rport=139 | protocol=6 | dir=out | app=system |
"{C141CA80-AAAB-4B45-B6C4-EA27F1B505E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2F570F7-2902-46CE-AC28-E23BD278B668}" = lport=139 | protocol=6 | dir=in | app=system |
"{EEC854BD-ECDD-430D-ACDC-F52FCF9D0A1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC9A57C4-086F-46F9-A893-5E62E98F3A02}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD7C8DAD-AA0D-4120-B2D7-0C1AE6F21973}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0457E381-A197-4E20-A96F-C357CAAB9820}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD3DA30-F0E9-4675-B142-46A17DDD4D5F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{0BE80420-B1F9-4774-BB5E-12EE6BBFCFD2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0D5008DD-D2A6-4446-B58F-46F4A3A7939F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{1048AAC5-9F97-41DE-8A5C-D05B08C6FF66}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{12D371EA-C7A7-4D76-B23F-D8A167CE67B9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1315D249-9D46-4792-B68C-AC1A4E00FB0C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{14307BB8-AA08-45DF-84EF-8813CC25D5F5}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{14BA75AB-1439-45A1-A4B1-399BDF45579A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1621A0EF-56D2-4FCC-80C3-FA7488797B6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{18E6D8CF-BCA5-4AFB-A48D-E614D6EE4755}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1A674C65-8A46-43C2-A8C8-1DD1A894084E}" = protocol=6 | dir=in | app=d:\games\pes2010\pes2010.exe |
"{1B219B8A-B572-4960-9D7F-7DCBF19BE0A4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{1C1DC933-3CB5-4E1E-B38D-F96132672497}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1D82303C-A973-4B4F-9E6E-B19973D27A6C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{1E70FB97-AA53-4E67-9791-C63BEF60388B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20061993-2D74-4204-BEC3-AD5953A1EADE}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{267DEB56-81E6-4E70-B9A0-A68B6056F771}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{26978B87-53FB-4692-A69E-D52F1068FD89}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{26E20C68-5545-4B4F-A04C-70133A72E66F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2ADA7EAC-A905-4A32-98BA-79B394D53780}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D8BB844-40E1-4DCD-BB27-8F4A86C645EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2F784243-0772-4B59-9DB7-A6A2B20E39D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FCB93AC-CC42-4C30-B655-3B549A62C7CF}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{30809BBF-BDFD-408D-B021-4A230ECB8FE9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{32C5BCBD-CC69-439C-9A2E-F24AD6A57BB3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{33B6E8A5-52A8-4D9E-92DF-80F0C2AB1B27}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{345AB714-AEE9-4B70-B08D-DA510A29DC90}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{35E28D68-EE1A-4A02-83F7-43883BF04A29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{377250EA-8EEF-444B-91A5-6ACDB76EB695}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{388B1ADD-91AC-4737-B639-8BEC8BCA5A24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AD24F3F-B18B-4F8E-9FCE-5158BEDA7B5E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3C42301F-3804-41ED-824D-6542795C1A67}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3D6486C8-F244-4A3A-93A0-979FE4601D40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{41EF3AF0-B56E-45F4-87DE-3A65D6FC3A00}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{42337004-D73F-4FF2-9017-71BAA3F20E3F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{45C39444-F4DC-4801-AB4E-BBCF999B7610}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{466B32C4-67EC-4F9B-925C-3926FEC3782B}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{478E9238-BCF9-436F-AD4C-94742287F154}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{4BB8E9F6-1031-49AF-B6EA-6E9D3F7A9633}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{4F508379-AE72-4796-BA78-1E7B1CC66F61}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{5167EBED-4F83-4CB7-AE2C-095BB2D5B470}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{516E2C64-DBCF-4307-B4B4-E99784D17685}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53656EF4-8A77-4D5E-A5B3-0B10347E3DCB}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{591649D2-BDE6-4CA0-8C9B-7DF90013E57D}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{5D5CAF7B-B43E-4AA4-A912-A9A2C790E1A1}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5E9AD099-A2CA-4034-AC1A-2D6D7A259607}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6508F088-0C76-4E77-BA39-DBED13671A5A}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{654321EB-F266-450F-9E99-185EABD3BECB}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{655A8DEC-47AA-4AB1-B48D-00BDB2041260}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{6AD26BA0-86B1-44BA-9087-B8932572C43C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{6DC12833-0BF1-493C-8763-507EC2DE2E0C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6DFBA6A9-B34D-4E90-80DF-22995741418F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{6EB029D0-BA2E-4414-B50C-E99BECC0C6AB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6F081F6E-824C-4E87-8DA1-79C62C2194EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{701B8C6A-D3EC-443C-837A-45E296D97E89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7162772E-3205-4200-A76E-DB961598431C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{71B5FD02-2324-4F48-ADBA-02E913387FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{7A48414E-E154-49D1-A31F-9A2ED96CDBFA}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7AB98D4C-B34D-4EC2-B907-3BE18956ECC8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{82BB5154-6D17-4C3F-904A-431215C3D01A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{880559A0-6F51-4CDE-B6A3-DD3A189B7A94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C353662-4691-4CD5-9FB5-66FCFD630C8E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{90518E9F-2D53-45E2-B155-F982AC77242F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{93E94AD7-3FC5-45DF-A0AC-811FCAE95B4B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9C9D46E0-0234-48CD-A7CE-8CB1A4B48149}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9D278C84-96E0-45D4-ADA1-B7B6257653B9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9D3EA30D-67A0-4568-B438-17CE4C65FC58}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{9E1884A9-95B0-45DB-9DCF-D943BCEDB87C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A07BD0D1-D351-4654-8DE8-6404B9351E12}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A1766E46-D12B-4622-B013-665A48D4E5A2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A1E16744-B5C8-4276-8B25-2C339E64664E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{A4859F63-EFFF-410D-AE42-6BBD6FC34D18}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{A9F3CCD6-AAA2-419C-91B2-258E63A8DBFE}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{AB6FBCA7-4C0E-499C-9E4E-7C438A175A4D}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{AC5DB681-E2EF-49D7-A3DA-E47DEB36CF66}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{AD15DA06-8926-43C9-8EB8-D2F85A0BD6D2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{AD45B47E-91D7-4F26-A455-4F1CEC2A622E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{AD482B4F-2B4A-4B7F-8DBD-0D9770DE769C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{AE485B51-0FDD-46EB-BC2D-E09F0658AF45}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AFD4BF36-287B-40AB-9822-88ED6E4E7AED}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{AFFEB403-DEAF-4A6B-BFD3-0E80E50C65B1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{B5A01784-EB88-443E-A599-B9F153BB993C}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{B803D8D7-51F2-40B0-8D32-46AA420915F8}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{BADC9E24-EAFF-475F-A4B8-75ACF7B03547}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BD950C3F-9857-4061-9831-9045EDB3BC7F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BE6CC98F-DFEC-4A13-8427-8828F84599DE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{BEF0B7C2-EB0D-4DD9-A34E-E68ED38A3674}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{C1A00C60-FBEF-4779-A5DA-D9CBF785D5D9}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{C2A8F7E7-EB74-4DA9-BECF-1102D1D6A792}" = protocol=17 | dir=in | app=d:\games\pes2010\pes2010.exe |
"{C2E1FBA0-1383-4D89-99C0-AC1C263D10F2}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C37512B4-617B-4B31-BA04-7E471F4F485C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4105671-9991-45B8-917F-D56E87EF79F6}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{CE7950A5-DC81-44CE-861B-F2058B820020}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D314CDF6-54D8-4EC6-9FE0-36AFE1A6D9CB}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D3633E74-9DF3-4261-9495-5D428CCDCC57}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{D79A101A-D309-452E-8145-DA70C426BF05}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{E0B15651-0DF6-4510-BE39-08A1B33A6944}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E4061EF2-B839-4317-B715-ADEED46513DE}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{E4D009F8-923C-41B3-8F7D-98920696B8BC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E9AF8D87-D178-4A69-8DA7-07BA27229BBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9B01827-1DA2-439E-AA37-C8EBB76E3387}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EA3E8B97-4565-4F41-8B2E-CEFB70A1F5A6}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EE7D7F83-F8FD-4445-8C72-FA62449DB88A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F0BCF5A1-6B45-4CFA-8F0A-B90EB1B388C4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F1A32106-197E-4A96-BEA2-80CA42F32E6C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{F4925486-668A-4928-95B6-C17143DB69EF}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{F5459F7E-54BA-45ED-95E2-CEE1D73A0FFB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F62D1D53-5922-4495-9BDC-791B7FB8D52F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6718128-B00A-4C55-B768-A339DE1F6762}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{F71F6FA3-A8EB-4622-AC7F-15F9C368ABC1}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{F79A5798-D45E-4438-B6AD-FF45688FAA07}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F7E40294-5082-4264-B4FD-F460DDEF800A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F8C1552A-EE40-40C4-B8B6-37AE29542496}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FA71BEC0-0E37-440F-88CE-022E28A91B7F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FA7FE057-9599-4364-9038-15589F94C4D4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{0A79E258-15DB-40C5-8FD2-13FDD1359B83}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0F8D781C-6E6A-48CF-B9A0-3EFF481AD5C7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1B216D8A-A2B8-4F05-AF38-65529C6EABCE}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{22CC7741-0CA1-4EF7-8740-432F5F5719FA}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{274D7D2D-1B30-4E0E-82A5-7AC82EED259E}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{58DD89A2-3A1D-4237-A9EC-A5D914D0F556}D:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\games\nba2k10\nba2k10.exe |
"TCP Query User{87532B1B-C502-4D60-A235-47FFF4FD11CE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A879A4F2-F357-4527-BE4C-6E46E57EF0F2}C:\users\matthias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe |
"TCP Query User{B987F503-8BF7-4A60-94A2-69DB76CDF3C0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{C26BF490-97D1-4B78-9FFA-64BD16E2A91C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CC440787-8375-405D-BAB4-FB7EC2DF2CF8}D:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\games\nba2k10\nba2k10.exe |
"TCP Query User{D1E89AB1-B708-4939-A820-838674D592F0}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{DF9E434C-54C9-421C-98C0-DF2FFC3DEF6D}C:\users\matthias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe |
"TCP Query User{DFB30973-65A9-4EC2-B5E5-106EA8CD6EEC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E2165A83-3B44-4CA1-8A26-92E154436728}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{EEF05005-6BF7-456E-BE24-2884B1275091}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{FB2BCE8A-1644-495F-8A5C-AD26ADC65968}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{0321C189-9FD9-4758-BBDF-9D2A6E93424F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{03764557-B324-4AB1-A707-1ED8B4E6CBD7}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{3FAFE6E5-AE21-4DCD-B53B-2AE8B7743047}C:\users\matthias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe |
"UDP Query
User{54E9E826-7987-4671-9A5F-6B845040BCFA}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | "UDP Query User{552D2EB7-7289-4AEC-B20E-41906520F12F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{5C5137E1-C5C8-4994-B314-1B5120D3F9D3}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{61937566-D190-42F4-B031-F43CB60E9374}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "UDP Query User{6342480A-8FE9-4FEC-9564-32F516AE5011}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{6825B24A-FC8F-4733-A72E-D823B9510720}D:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\games\nba2k10\nba2k10.exe | "UDP Query User{89C23EBF-1CD8-493A-9518-AC95F5884906}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{916ED359-38DF-4FA3-9A90-61242AC259F7}C:\users\matthias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe | "UDP Query User{96D7AC1C-4D04-43B6-8A72-809696C5AA2C}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | "UDP Query User{990F559A-EEF2-4BEF-AB48-D0A28E4792B2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{9F2E9091-22E8-4865-842E-6AC090E7AE03}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "UDP Query User{A4E13806-496A-406F-92AC-962D9E85B430}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | "UDP Query 
User{D2BA4248-F757-442C-A17D-2BFDB8B644BD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F88818F6-DECA-4507-852C-E2BE4F9E10FE}D:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\games\nba2k10\nba2k10.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = 
Pro Evolution Soccer 2010 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 
Additional Exporter "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "7-Zip" = 7-Zip 4.57 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4 "AIM_6" = AIM "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "COMODO Firewall Pro" = COMODO Firewall Pro "dBpoweramp Music Converter" = dBpoweramp Music Converter "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Free M4a to MP3 
Converter_is1" = Free M4a to MP3 Converter 6.1 "GNU Backgammon_is1" = GNU Backgammon 0.15-stable (20061119 code) "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "IrfanView" = IrfanView (remove only) "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "MAGIX Video deluxe 15 Plus Download-Version D" = MAGIX Video deluxe 15 Plus Download-Version 8.0.2.4 (D) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "Orb" = Winamp Remote "PPStream_is1" = PPStream "RealAlt_is1" = Real Alternative 2.0.2 "SopCast" = SopCast 3.0.3 "Soulseek" = SoulSeek Client 156c "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veetle TV" = Veetle TV 0.9.18 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 1.1.0 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Yahoo! Companion" = Yahoo! 
Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.01.2012 05:27:59 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07.01.2012 05:48:05 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2012 05:55:53 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 07.01.2012 23:50:33 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2012 23:50:34 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.01.2012 07:36:18 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10 Description = Error - 08.01.2012 07:36:24 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 09.01.2012 08:58:57 | Computer Name = Matthias-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AppleMobileDeviceService.exe, Version 2.50.39.0, Zeitstempel 0x4a5d2d41, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00402747, Prozess-ID 0x7e0, Anwendungsstartzeit 01cccece729087ab. 
Error - 09.01.2012 08:59:32 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10 Description = Error - 09.01.2012 09:12:13 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
29.01.2012, 19:14 | #2 |
/// Malwareteam | W32/PatchLoad.A and other trojans found
I am working on your thread and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you receive help from a trained helper. Thank you for your patience.
Regards, PsYcHoTiC
__________________ |
29.01.2012, 19:30 | #3 |
| W32/PatchLoad.A and other trojans found
Sorry for posting the Extras and Gmer logs directly now, but my zipped attachments keep being rejected here as invalid files.
__________________
Extras:
OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 17.01.2012 18:54:35 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthias\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,87% Memory free 6,18 Gb Paging File | 5,41 Gb Available in Paging File | 87,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 89,09 Gb Total Space | 1,13 Gb Free Space | 1,27% Space Free | Partition Type: NTFS Drive D: | 199,00 Gb Total Space | 6,44 Gb Free Space | 3,23% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D81EB0E-DA43-4438-ACCE-287D7B88C397}" = lport=138 | protocol=17 | dir=in | app=system | "{3758D63F-BF4D-498B-A165-D60B2F162040}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{405CA29F-E983-4724-A059-AD99F36B4D4B}" = lport=2869 | protocol=6 | dir=in | app=system | "{411579C5-67CD-454C-AD5D-6F8E380F3482}" = rport=138 | protocol=17 | dir=out | app=system | "{418E927E-E81C-4203-BA42-2941AE690D02}" = lport=445 | protocol=6 | dir=in | app=system | "{457392A2-E167-4B9A-B4AE-96B0CA1824F9}" = rport=445 | protocol=6 | dir=out | app=system | "{96992E1D-C323-4BAB-99C2-82E8D839C6CE}" = rport=139 | protocol=6 | dir=out | app=system | "{C141CA80-AAAB-4B45-B6C4-EA27F1B505E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D2F570F7-2902-46CE-AC28-E23BD278B668}" = lport=139 | protocol=6 | dir=in | app=system | "{EEC854BD-ECDD-430D-ACDC-F52FCF9D0A1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FC9A57C4-086F-46F9-A893-5E62E98F3A02}" = rport=137 | protocol=17 | dir=out | app=system | "{FD7C8DAD-AA0D-4120-B2D7-0C1AE6F21973}" = lport=137 | protocol=17 | 
dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0457E381-A197-4E20-A96F-C357CAAB9820}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0BD3DA30-F0E9-4675-B142-46A17DDD4D5F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{0BE80420-B1F9-4774-BB5E-12EE6BBFCFD2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{0D5008DD-D2A6-4446-B58F-46F4A3A7939F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | "{1048AAC5-9F97-41DE-8A5C-D05B08C6FF66}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{12D371EA-C7A7-4D76-B23F-D8A167CE67B9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1315D249-9D46-4792-B68C-AC1A4E00FB0C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{14307BB8-AA08-45DF-84EF-8813CC25D5F5}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "{14BA75AB-1439-45A1-A4B1-399BDF45579A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1621A0EF-56D2-4FCC-80C3-FA7488797B6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{18E6D8CF-BCA5-4AFB-A48D-E614D6EE4755}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{1A674C65-8A46-43C2-A8C8-1DD1A894084E}" = protocol=6 | dir=in | app=d:\games\pes2010\pes2010.exe | "{1B219B8A-B572-4960-9D7F-7DCBF19BE0A4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{1C1DC933-3CB5-4E1E-B38D-F96132672497}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1D82303C-A973-4B4F-9E6E-B19973D27A6C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe | "{1E70FB97-AA53-4E67-9791-C63BEF60388B}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{20061993-2D74-4204-BEC3-AD5953A1EADE}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{267DEB56-81E6-4E70-B9A0-A68B6056F771}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "{26978B87-53FB-4692-A69E-D52F1068FD89}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{26E20C68-5545-4B4F-A04C-70133A72E66F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2ADA7EAC-A905-4A32-98BA-79B394D53780}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D8BB844-40E1-4DCD-BB27-8F4A86C645EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{2F784243-0772-4B59-9DB7-A6A2B20E39D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2FCB93AC-CC42-4C30-B655-3B549A62C7CF}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{30809BBF-BDFD-408D-B021-4A230ECB8FE9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{32C5BCBD-CC69-439C-9A2E-F24AD6A57BB3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{33B6E8A5-52A8-4D9E-92DF-80F0C2AB1B27}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{345AB714-AEE9-4B70-B08D-DA510A29DC90}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{35E28D68-EE1A-4A02-83F7-43883BF04A29}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{377250EA-8EEF-444B-91A5-6ACDB76EB695}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{388B1ADD-91AC-4737-B639-8BEC8BCA5A24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3AD24F3F-B18B-4F8E-9FCE-5158BEDA7B5E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{3C42301F-3804-41ED-824D-6542795C1A67}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{3D6486C8-F244-4A3A-93A0-979FE4601D40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{41EF3AF0-B56E-45F4-87DE-3A65D6FC3A00}" = protocol=6 | dir=in | 
app=c:\program files\bittorrent\bittorrent.exe | "{42337004-D73F-4FF2-9017-71BAA3F20E3F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{45C39444-F4DC-4801-AB4E-BBCF999B7610}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{466B32C4-67EC-4F9B-925C-3926FEC3782B}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{478E9238-BCF9-436F-AD4C-94742287F154}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{4BB8E9F6-1031-49AF-B6EA-6E9D3F7A9633}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe | "{4F508379-AE72-4796-BA78-1E7B1CC66F61}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "{5167EBED-4F83-4CB7-AE2C-095BB2D5B470}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{516E2C64-DBCF-4307-B4B4-E99784D17685}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{53656EF4-8A77-4D5E-A5B3-0B10347E3DCB}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{591649D2-BDE6-4CA0-8C9B-7DF90013E57D}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "{5D5CAF7B-B43E-4AA4-A912-A9A2C790E1A1}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{5E9AD099-A2CA-4034-AC1A-2D6D7A259607}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{6508F088-0C76-4E77-BA39-DBED13671A5A}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{654321EB-F266-450F-9E99-185EABD3BECB}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "{655A8DEC-47AA-4AB1-B48D-00BDB2041260}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "{6AD26BA0-86B1-44BA-9087-B8932572C43C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | "{6DC12833-0BF1-493C-8763-507EC2DE2E0C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{6DFBA6A9-B34D-4E90-80DF-22995741418F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{6EB029D0-BA2E-4414-B50C-E99BECC0C6AB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{6F081F6E-824C-4E87-8DA1-79C62C2194EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{701B8C6A-D3EC-443C-837A-45E296D97E89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7162772E-3205-4200-A76E-DB961598431C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{71B5FD02-2324-4F48-ADBA-02E913387FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{7A48414E-E154-49D1-A31F-9A2ED96CDBFA}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{7AB98D4C-B34D-4EC2-B907-3BE18956ECC8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{82BB5154-6D17-4C3F-904A-431215C3D01A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{880559A0-6F51-4CDE-B6A3-DD3A189B7A94}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C353662-4691-4CD5-9FB5-66FCFD630C8E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{90518E9F-2D53-45E2-B155-F982AC77242F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{93E94AD7-3FC5-45DF-A0AC-811FCAE95B4B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{9C9D46E0-0234-48CD-A7CE-8CB1A4B48149}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{9D278C84-96E0-45D4-ADA1-B7B6257653B9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{9D3EA30D-67A0-4568-B438-17CE4C65FC58}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{9E1884A9-95B0-45DB-9DCF-D943BCEDB87C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{A07BD0D1-D351-4654-8DE8-6404B9351E12}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{A1766E46-D12B-4622-B013-665A48D4E5A2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{A1E16744-B5C8-4276-8B25-2C339E64664E}" = protocol=6 
|
29.01.2012, 19:36 | #4 |
| W32/PatchLoad.A and other Trojans found OK, now it worked after all. I apologize for my last post. Please just ignore it. Thanks in advance! |
29.01.2012, 22:43 | #5 | |
/// Malwareteam | W32/PatchLoad.A and other Trojans found My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. A cleanup can sometimes involve a lot of work for you.
Vista and Win7 users: start all tools via right-click, "Run as administrator". Is this a legal version? Quote:
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
30.01.2012, 10:25 | #6 |
| W32/PatchLoad.A and other Trojans found Adobe Premiere CS is an original version. I zipped the logs because that is what I read in the instructions. Otherwise they also do not fit into one thread, since they exceed the maximum number of characters. Should I split them across several replies? |
30.01.2012, 13:39 | #7 |
/// Malwareteam | W32/PatchLoad.A and other Trojans found No, please do not attach anything more - we have the necessary information! Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart, simply restart the computer. This should fix the problem.
|
02.02.2012, 10:53 | #8 |
/// Malwareteam | W32/PatchLoad.A and other Trojans found Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore not receive any notification of new replies. The disappearance of the symptoms does not mean that your system is already clean.
|
03.02.2012, 10:50 | #9 |
/// Malwareteam | W32/PatchLoad.A and other Trojans found No response: This thread has been removed from my subscriptions. I will therefore not receive any notification of new replies. PM me if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread.
|