Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner in C:\$recycle.bin

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.10.2011, 18:09   #1
wiesel9000
 
Trojaner in C:\$recycle.bin - Standard

Trojaner in C:\$recycle.bin



Hallo zusammen,

ich hatte gestern routinemäßig Windows aktualisiert, da war dann auch das Tool zum entfernen bösartiger Software dabei. Das sagte mir dann, dass ein Trojaner auf meinem PC wäre und er wäre entfernt. Ich war etwas überrascht, da mein avast! die ganze Zeit geschwiegen hatte.
Ich dachte mir, ob das wohl wirklich weg ist, hab das Tool nochmal runtergeladen und manuell überprüft und auf einmal war er wieder da. Nochmal entfernt, war dann aber wieder da.
Malwarebytes' Anti-Malware geladen, gescannt, gefunden und gelöscht. Neu gestartet nochmal drüber laufen lassen. Der Scan zeigte nichts mehr :-)

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7935

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

13.10.2011 17:27:27
mbam-log-2011-10-13 (17-27-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 470872
Laufzeit: 1 Stunde(n), 28 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
So jetzt habe ich mir das otl aus dem board besorgt, logfiles sind:
Code:
ATTFilter
OTL logfile created on: 13.10.2011 17:57:13 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,09% Memory free
6,19 Gb Paging File | 4,45 Gb Available in Paging File | 71,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 13,62 Gb Free Space | 9,45% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 73,59 Gb Free Space | 51,11% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 199,49 Gb Free Space | 21,42% Space Free | Partition Type: NTFS
 
Computer Name: R560 | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Opera 10.10 Beta\opera.exe (Opera Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Razer\Copperhead\razerofa.exe (Razer Inc.)
PRC - C:\Programme\Razer\Copperhead\razerhid.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Razer\Copperhead\razerhid.exe ()
MOD - C:\Programme\Razer\Copperhead\download.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PnkBstrA) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (UsbFltr) -- C:\Windows\System32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (Razerlow) -- C:\Windows\System32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.110409
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110409
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..network.proxy.backup.ftp: "86.101.204.93"
FF - prefs.js..network.proxy.backup.ftp_port: 5057
FF - prefs.js..network.proxy.backup.gopher: "86.101.204.93"
FF - prefs.js..network.proxy.backup.gopher_port: 5057
FF - prefs.js..network.proxy.backup.socks: "86.101.204.93"
FF - prefs.js..network.proxy.backup.socks_port: 5057
FF - prefs.js..network.proxy.backup.ssl: "86.101.204.93"
FF - prefs.js..network.proxy.backup.ssl_port: 5057
FF - prefs.js..network.proxy.ftp: "201.243.134.106"
FF - prefs.js..network.proxy.ftp_port: 29097
FF - prefs.js..network.proxy.gopher: "201.243.134.106"
FF - prefs.js..network.proxy.gopher_port: 29097
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "201.243.134.106"
FF - prefs.js..network.proxy.socks_port: 29097
FF - prefs.js..network.proxy.ssl: "201.243.134.106"
FF - prefs.js..network.proxy.ssl_port: 29097
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.11 19:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.25 20:01:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.02 14:52:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.14 16:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.11 19:00:50 | 000,000,000 | ---D | M]
 
[2008.10.04 12:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2011.09.21 22:39:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\u80nlai6.default\extensions
[2011.06.20 00:28:56 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\u80nlai6.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2011.08.22 20:30:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\u80nlai6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.31 08:32:00 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\u80nlai6.default\extensions\rikaichan-jpde@polarcloud.com
[2011.05.31 08:32:00 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\u80nlai6.default\extensions\rikaichan-jpen@polarcloud.com
[2011.10.12 18:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.02 14:52:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.11 13:36:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.11 13:36:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.11 13:36:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.11 13:36:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.11 13:36:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.11 13:36:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.13 12:27:25 | 000,436,491 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 15026 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Copperhead] C:\Programme\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ABBBC40-5F9B-4C7C-9BFA-57B09F350444}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935798EA-83C3-4895-8611-DBB54B81C40B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Markus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Markus\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16362a6f-c903-11dd-96bb-001377aac71e}\Shell\AutoRun\command - "" = F:\autostart.txt
O33 - MountPoints2\{2c366b9e-e43a-11df-8d84-001377aac71e}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe
O33 - MountPoints2\{2c366b9e-e43a-11df-8d84-001377aac71e}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe
O33 - MountPoints2\{32b0d008-4464-11de-b42b-001377aac71e}\Shell - "" = AutoRun
O33 - MountPoints2\{32b0d008-4464-11de-b42b-001377aac71e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4dd0016e-ca81-11e0-b6aa-001377aac71e}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd0016e-ca81-11e0-b6aa-001377aac71e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{98198aa0-5bdd-11de-b5eb-001377aac71e}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{c7b85caa-acbc-11dd-ad10-001377aac71e}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.21 04:23:31 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{cff3def6-5216-11df-9c67-001377aac71e}\Shell - "" = AutoRun
O33 - MountPoints2\{cff3def6-5216-11df-9c67-001377aac71e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e31eb5c2-ccfc-11dd-97af-001377aac71e}\Shell - "" = AutoRun
O33 - MountPoints2\{e31eb5c2-ccfc-11dd-97af-001377aac71e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.13 01:04:35 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2011.10.13 01:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.13 01:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.13 01:04:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.13 01:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.12 22:08:01 | 003,496,848 | ---- | C] (Piriform Ltd) -- C:\Users\Markus\Desktop\ccsetup311.exe
[2011.10.12 22:07:23 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe
[2011.10.12 20:59:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011.10.12 18:03:55 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.10.12 17:22:15 | 015,293,896 | ---- | C] (Microsoft Corporation) -- C:\Users\Markus\Desktop\windows-kb890830-v4.1.exe
[2011.10.12 07:45:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.12 07:45:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.12 07:45:14 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.12 07:45:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.12 07:45:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.12 07:37:55 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.12 07:37:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.12 07:37:54 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.12 07:37:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.12 07:37:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.12 07:37:46 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.12 07:37:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.11 15:05:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\psychosomatische medizin
[2011.10.10 20:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.10.05 13:08:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.10.05 12:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.10.05 12:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2011.10.02 15:30:05 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\The Limey.1999.DVDRip.XviD-VLiS
[2011.10.02 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\Dead.Mans Shoes.2004.DVDRip.XviD-KooKoo
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Markus\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Markus\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Markus\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Markus\AppData\Local\bass.dll
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.13 17:55:26 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.13 17:55:26 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.13 16:38:21 | 000,131,072 | ---- | M] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.13 16:07:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2011.10.13 15:55:43 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011.10.13 15:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.13 15:55:20 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.13 15:55:16 | 280,233,880 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.10.13 15:52:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.10.13 01:04:13 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.12 22:08:01 | 003,496,848 | ---- | M] (Piriform Ltd) -- C:\Users\Markus\Desktop\ccsetup311.exe
[2011.10.12 22:07:25 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Desktop\OTL.exe
[2011.10.12 22:01:39 | 000,002,525 | ---- | M] () -- C:\Users\Markus\Desktop\HiJackThis.lnk
[2011.10.12 18:33:06 | 000,701,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.12 18:33:06 | 000,648,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.12 18:33:06 | 000,155,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.12 18:33:06 | 000,126,854 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.12 18:26:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.10.12 17:22:20 | 015,293,896 | ---- | M] (Microsoft Corporation) -- C:\Users\Markus\Desktop\windows-kb890830-v4.1.exe
[2011.10.12 13:15:39 | 000,438,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.12 07:50:30 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.10.10 20:34:01 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.10 20:32:57 | 000,001,744 | ---- | M] () -- C:\Users\Markus\Desktop\Trillian.lnk
[2011.10.10 17:04:52 | 002,175,928 | ---- | M] () -- C:\Users\Markus\Desktop\Naruto_Shippuuden-Ost2-KokutenSunspot.mp3
[2011.10.05 13:07:40 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.09.27 00:00:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.09.19 19:52:30 | 000,046,741 | ---- | M] () -- C:\Users\Markus\Desktop\neurorad.pdf
[2011.09.18 17:18:50 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.13 01:04:13 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.12 18:03:55 | 000,002,525 | ---- | C] () -- C:\Users\Markus\Desktop\HiJackThis.lnk
[2011.10.12 07:50:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.10.10 20:34:01 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.10 17:04:52 | 002,175,928 | ---- | C] () -- C:\Users\Markus\Desktop\Naruto_Shippuuden-Ost2-KokutenSunspot.mp3
[2011.10.09 21:27:02 | 280,233,880 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.05 12:31:41 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.09.19 19:52:30 | 000,046,741 | ---- | C] () -- C:\Users\Markus\Desktop\neurorad.pdf
[2011.09.18 17:18:50 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2011.04.30 14:57:15 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.30 14:41:43 | 000,000,303 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.03.07 19:06:10 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.02.28 10:16:35 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.02.21 16:44:56 | 000,001,619 | ---- | C] () -- C:\Users\Markus\AppData\Local\RecConfig.xml
[2010.12.05 23:21:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.12.05 23:21:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.12.05 23:21:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.05.20 22:32:56 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.02.13 15:52:11 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.01.08 22:22:46 | 000,000,760 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\setup_ldm.iss
[2009.11.24 11:00:26 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.21 12:44:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.09.21 12:44:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.09.10 20:48:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.08.23 15:00:23 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009.07.16 23:10:12 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.16 23:09:59 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.06 08:47:48 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.05.27 22:23:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 22:23:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.08 18:59:26 | 000,001,783 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.12.08 18:59:14 | 000,045,164 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2008.11.16 16:51:29 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008.11.16 16:51:29 | 000,020,887 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008.11.01 19:34:55 | 000,471,040 | ---- | C] () -- C:\Windows\ssndii.exe
[2008.11.01 19:30:39 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugg1l3.dll
[2008.10.16 14:03:54 | 000,001,356 | ---- | C] () -- C:\Users\Markus\AppData\Local\d3d9caps.dat
[2008.10.05 23:54:28 | 000,022,328 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\PnkBstrK.sys
[2008.10.05 23:54:13 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2008.10.04 19:15:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.03 19:49:02 | 000,131,072 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.26 13:37:16 | 000,701,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.26 13:37:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.26 13:37:16 | 000,155,674 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.26 13:37:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.26 13:26:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.25 23:08:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.25 07:48:51 | 000,001,322 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.06.25 07:30:52 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.06.25 07:30:30 | 000,000,135 | ---- | C] () -- C:\Windows\System32\lngEng.ini
[2008.06.25 07:30:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.06.25 07:23:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.06.25 07:22:17 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2008.06.25 07:22:16 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.06.25 07:18:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.06.25 07:18:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Markus\AppData\Local\lame_enc.dll
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,438,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,648,158 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,126,854 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Markus\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Markus\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Markus\AppData\Local\ogg.dll
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Markus\AppData\Local\no23xwrapper.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.09 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Armagetron
[2009.11.27 22:09:26 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\avidemux
[2008.11.07 01:57:28 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools
[2011.10.13 15:56:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Dropbox
[2011.06.07 19:53:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Easeware
[2010.12.04 00:02:45 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\enchant
[2011.09.07 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\gtk-2.0
[2011.06.21 01:26:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\IrfanView
[2010.01.08 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Leadertech
[2011.02.28 10:15:59 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\LearnLift
[2010.01.12 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\MuPAD Pro
[2011.10.13 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\NetSpeedMonitor
[2010.11.18 02:07:45 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Nokia
[2010.06.26 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Nokia Ovi Suite
[2009.05.19 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org
[2010.07.03 11:42:20 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Opera
[2010.06.26 14:46:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2010.08.26 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ratiopharm
[2008.12.19 22:14:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SharePod
[2011.06.14 19:56:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TeamViewer
[2011.01.23 21:56:31 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Trillian
[2011.10.11 14:36:10 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\uTorrent
[2010.03.13 03:33:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\XnView
[2011.10.13 15:52:57 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.13 16:07:09 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
 
========== Purity Check ==========
 
 

< End of report >
         
extras war:

Code:
ATTFilter
OTL Extras logfile created on: 13.10.2011 17:57:13 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Markus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,09% Memory free
6,19 Gb Paging File | 4,45 Gb Available in Paging File | 71,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 13,62 Gb Free Space | 9,45% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 73,59 Gb Free Space | 51,11% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 199,49 Gb Free Space | 21,42% Space Free | Partition Type: NTFS
 
Computer Name: R560 | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera 10.10 Beta\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera 10.10 Beta\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera 10.10 Beta\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-866420452-2880083285-4077110784-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8A82E3-FB25-467E-B5A7-30BE3D0DC581}" = lport=138 | protocol=17 | dir=in | app=system | 
"{10F5E184-541F-4B13-962B-576B6E6F356B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2C661C94-A73C-4682-93F7-E6C0F9A26A1B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2F86D240-2D73-4837-8CF4-C1B87B9B140E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{32DDD508-5184-4D9A-9121-D4E6C8228179}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3473903D-C23B-4ED4-B38D-D4B87B64D0D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4275DFFF-5D99-438D-8FA0-03C5E650365B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4EEA0BAF-80E9-4209-BBC5-826E9EC6F5E2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{584342B5-BC81-409A-B236-17278483CD02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{58760DF1-08C8-4AC7-B6B4-78DF37CD49E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6ADA8BB2-F648-4F9D-9A00-96CAEA74AF34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D239753-DE65-48F9-9CC2-BB77216256D9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7FE56439-520C-4984-B4A3-43BA32F0E872}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8050B403-070F-4F14-BB70-C9BEF350DD77}" = lport=500 | protocol=17 | dir=in | name=ipsec verbindungsport cisco | 
"{A2118C5D-0772-4090-8F56-6B723219E0F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A75C3297-EC91-4445-BDAC-B0500CEF650E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AA31B417-EE46-4EFF-8885-12524BD02158}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AB5B85E6-1A5E-424D-BD24-05A3BB21FB16}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C72611AF-2000-49D5-B768-91B00989F67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8AC4681-D0AD-47B1-8D2F-A2C27617607C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DCAB2756-7503-4795-A1B6-FF834279B9B5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F22A8373-697F-4881-9CE6-48AB13FBEB48}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F40EB487-BC14-43AB-84BA-E8ADF8011404}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009547EC-14DB-448E-A257-519857FF8FC6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{03AE79B0-223F-4FA9-A1ED-1D573DA9167F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05F2317B-89EF-4546-AC13-36A5458364EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{07DBE7F0-8130-4CA8-866F-F33853CA28CB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{0BD8D13B-7C7E-4689-9128-C96DEFE820A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C6EDC04-CECC-45E2-BA4E-EAB796504ECD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{117B3C37-B2CD-4FDC-BFFF-E18B780CAE32}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13194CF4-6C90-4091-BD16-31C945EE42B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1924DB56-A655-42D0-87CA-EC98B8B151AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19FF9F00-965A-4AF8-A8B3-8FBF9ACE69B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EE64257-2A2A-422A-A91A-A94F053515BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2177C285-FE9A-45B7-A50F-1BD1098F258B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23EFD142-6374-4B1A-91FC-5955CDC2446D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{29693F64-8FED-4C2C-8835-C1FEBF3D1DB5}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{2ADAEA66-7CC4-4774-ADA1-DC6347D7ABDE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EA6DB72-9699-4E2A-9A75-EC2C1641CEEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30C89611-51BC-44B7-AF28-855369C881B8}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | 
"{326FD3FD-5DBF-442F-ACFF-EAC993B710CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33366829-D4B1-4553-AB62-5FE35359D060}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3512DC51-BC51-4BDC-A1B6-F7B0508D0E7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{35840F05-D87F-4E77-97FE-A5E8CC03AA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3981F68B-BBD1-4254-A05B-467B799A9E08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3B5CCB44-4219-47C4-B86C-6B81097038EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3BCE65B8-9094-4C3F-A99E-1FAADDABDBE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D6C5757-8DD4-4DC0-BFD7-4C798AA0EFAD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{3FED4C6E-CACF-4D0F-A7D2-7194F5F609E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{41BD2246-5834-4E68-9568-A0C289CD7CA4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{445749A4-9740-4F97-97A0-30B63B13257B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{445BE6D2-FAB7-4B3C-B7DD-D496859D1F90}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4543B938-35F2-408F-9546-22359CF26DEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4680FFDF-F977-465E-8214-833E0B1771B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46BD6882-A278-4D03-92BE-9EB6D934E621}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4985D0AE-68CB-4F72-8454-19AF917B7F68}" = protocol=6 | dir=in | app=c:\program files\opera 10.10 beta\opera.exe | 
"{4A65B527-BBAA-4359-B86D-5B6300F5DF0B}" = protocol=6 | dir=in | app=e:\dwizard615.exe | 
"{4A6A3898-B9AA-4043-9676-76A9592FA5BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4B96B73D-9856-4295-92B4-99F9B2E4BA0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E5E7612-786A-4D93-91BB-2B81B874FF06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4F83C071-7B2F-4DFD-8FAF-0459B9EEBC29}" = protocol=17 | dir=in | app=e:\dwizard615.exe | 
"{5417FF1B-0E33-4DC4-9083-A5624F4FEFC0}" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5419334E-B279-4964-A55B-D486605CDC27}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BEF3570-5561-4FC1-9722-C0112D7A6CF8}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{606CDD42-B60B-4202-B1B8-6B764DB4ADEB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{666E91C7-A343-4CFE-914C-C08E2A71516E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67CFC1CA-C552-4354-AA68-109E9FD8B0F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{688342E6-9AEC-44D4-89FD-3F2801846E33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{690B2F38-9865-4532-A31E-B40BCD6016CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DE72FC8-CF9E-4291-87B3-E6B348D0B355}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DF9F069-FD7C-44F6-8328-415CEBC7E6E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E3CC444-8262-477D-9AE8-22355C2FC8B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{70030A5D-633D-4511-B229-79F21AF0D361}" = protocol=6 | dir=in | app=d:\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{71E2BFF0-3C6E-4D56-8E92-F91FA2D04BC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72AAD7E5-2679-4C0E-A894-35A1D8AFBCF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{76626D0D-7A82-4F3B-8549-0FA3CDD81ED3}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | 
"{76AF3726-0456-43F7-92C2-D87089E15736}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{799A8E97-FF36-40F8-B077-2E637F180422}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | 
"{79B2C433-909A-494C-B558-D5A776108185}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A05B13F-EF28-487A-BD39-0CE5B815D752}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7EFFBC3B-2B80-49A4-8AAB-4B5E73A36017}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81596893-1F12-4741-9A49-6560763D7503}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8217A87A-C73B-4411-9A97-3320AD4336E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{86BCCA1C-F062-40DB-9BB4-970CC081ED5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{86E2D65F-5145-43D3-A1DE-8B074A71F5C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{886FD236-F9AA-456C-877E-711574B41632}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A3ECA2A-E4ED-47A8-8595-B1DF062D0487}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8A41F5C4-B76D-4D59-84D2-F63DA1AE2834}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8A5A26C7-06C5-4A78-9E93-FC443B4DC822}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8C4F558C-FD93-48DD-8518-C9EDA89C9351}" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8E96B7DD-6087-432C-99F1-CF8136B684B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90E4D2C6-E1F0-4A20-A494-D65B09209C55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97993FEB-EC4D-4765-92EC-9926DF68E14B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9896B3F3-2550-4725-BADC-188BC26E07CB}" = protocol=17 | dir=in | app=e:\libneap.dll | 
"{99C5CDCF-A6DC-41AB-8063-2DFF4FC5D46E}" = protocol=6 | dir=in | app=d:\camspy\camspy.exe | 
"{9DFD991F-9232-4A73-9362-54BA9BB7FB6D}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{A065FF14-9188-452B-BC3A-BF05A9624EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A1359339-4B0D-4842-B9E1-6A51A9FEDDB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9F6E1F0-4B72-4E97-A716-0738CF818E52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE8FBEBC-A4CB-4746-BC3A-33BE98ADF0FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF527364-FC68-4EB5-99B1-ECF4FA4174B7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B351508D-B9AB-4C0F-A5FA-6E78F6535AF6}" = protocol=17 | dir=in | app=c:\program files\opera 10.10 beta\opera.exe | 
"{B3C5D727-2D1F-4BEB-BAE5-3FBBF06FC7BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B43E0562-325F-4D2C-9543-5FEBC26D630E}" = protocol=17 | dir=in | app=c:\program files\opera 10.10 beta\opera.exe | 
"{B73BF73F-588F-404D-8352-197F9F940094}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B93B292A-BF78-46E1-A447-7DDF45F8F035}" = protocol=6 | dir=in | app=e:\libneap.dll | 
"{BC190A79-7047-4F0B-8617-F74C0456A077}" = protocol=17 | dir=in | app=d:\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{BD18E6B1-E49C-4CDD-8F12-F0D5AB3541EE}" = protocol=6 | dir=in | app=c:\program files\cisco systems\vpn client\ipsecdialer.exe | 
"{BDF8F51B-5E7F-4337-9A8F-0A26775736ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BE1015E2-96D9-4D7E-A543-900875D0C5D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C01132E1-D6D1-4EE6-8BF6-80942E0B16D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C07D3221-182D-42FF-9283-F747A4B13252}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe | 
"{C63DDA9B-3739-477A-9A06-D1E0DB21E6FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA6470CE-6EE8-4CFE-AEBA-8B6356EE14A9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{CCC37737-4CCB-4B29-A53A-007FC483E412}" = protocol=17 | dir=in | app=d:\camspy\camspy.exe | 
"{D152D759-99BF-49A0-89CC-EFE342500C0D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D31456E1-8D39-4DE7-BB10-C62FFA146C51}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D66D5007-E450-4A48-B796-9A8E3FBF834F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D70C3DDB-3499-4EB0-8529-BF09065AFABD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D81CDEE4-58B9-4D95-8DDD-23E57ACD7014}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA6C8117-43AB-4658-ACA7-A3000B92B19F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{DABB5BDA-162B-450B-88B8-AA7CC47CAB7B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{DCEC1A0D-77A4-464A-8EDD-F080013267DF}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{DDBDE045-A921-4F73-B786-8CFE43DACBD0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE62424F-4496-46F5-973F-01577E3C7A35}" = protocol=6 | dir=in | app=c:\program files\opera 10.10 beta\opera.exe | 
"{DF696895-5FF7-4780-AE3D-1AF2F4149F62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF91B482-FF0C-4108-A8C7-F9D39CE73509}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | 
"{E12DA4DE-77CF-4D67-BB3F-993DA811B74D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{E39F7F31-6BC5-4688-ABE8-81D18428D6A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5D73D25-C238-4D1D-A712-2F76C34F6CA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6B4A978-5789-44CF-80A2-BA8584BFC7B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7D7BD4B-03E3-4F82-B60B-39B03DB96BCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7F647EE-0090-4AEE-9081-801BCCF08289}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECA53797-3FCE-4A45-86AA-AF916231B006}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{EEB0D70C-A05C-4E2F-901B-E599CC93D7E0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EFC1607F-539D-4A6A-888A-77048B052E72}" = protocol=17 | dir=in | app=c:\program files\cisco systems\vpn client\ipsecdialer.exe | 
"{F2D08989-4102-4765-9BDC-4278F87D7A81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F4DE43F8-0EE6-4018-BDFD-91A82BAC8988}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe | 
"{F64686E0-6844-482D-8EC4-99117F64FC5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{05A87A91-2F4E-4C30-B511-C292909201F6}D:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\sopcast\adv\sopadver.exe | 
"TCP Query User{06C0A80C-8FA3-4956-AEE5-403E21DE71B1}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{0B194C48-0349-492C-8DDA-232F8EC19A96}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0E9EDAF6-26EC-43D2-9273-46D3C7FE4EEA}C:\users\markus\desktop\warcraft iii 1.23\war3.exe" = protocol=6 | dir=in | app=c:\users\markus\desktop\warcraft iii 1.23\war3.exe | 
"TCP Query User{13F37354-FAC6-4B10-B787-665029C26B41}D:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\sopcast\sopcast.exe | 
"TCP Query User{1BC1719E-022C-4939-A4D0-5DAF24A10715}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2AF161B9-BB8E-464C-9F1F-A91C2F59F2B8}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{2D60E2BD-9993-41E1-82C4-F619D9A29FFF}D:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=d:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{4654490D-1E77-40E2-840F-0B7397EB94F7}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{4E2CE834-B3E0-407C-A302-31FE87CD046B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5223F5F0-E3A9-42B8-ABC2-C9B37474838D}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{5E5B7613-44B8-4A8E-AF0A-A3E82BAA6B4A}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{6024AE2A-0ADD-4820-9407-3DBD08D7ABE6}D:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\sopcast\adv\sopadver.exe | 
"TCP Query User{65672C64-C80E-44BE-9CD0-ADAAD77FB4B7}C:\program files\opera 10.60\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10.60\opera.exe | 
"TCP Query User{659E2F4F-2E5D-437F-BF11-13FEC0B317FE}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{67250227-7DE8-4B19-B046-7EB512C4A401}D:\spiele von simon\warcraft iii 1.23\war3.exe" = protocol=6 | dir=in | app=d:\spiele von simon\warcraft iii 1.23\war3.exe | 
"TCP Query User{68477528-1966-4D7E-9919-E4A9437E40B8}C:\users\markus\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\google\google earth\client\googleearth.exe | 
"TCP Query User{75555010-E780-4EFC-B1AF-384B57C5FB1F}D:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\sopcast\sopcast.exe | 
"TCP Query User{86983FAA-8CB8-465D-8E83-7004951B6362}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{880EC6BE-D83C-40F3-AB3E-B2778BB667CB}D:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=d:\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{8F1B801A-D95A-4AC4-903E-B737FFE7D9EE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{966E2005-9F5E-4054-9B77-C2B534F34D49}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{986C7657-5159-4F6A-BC93-6B0704E800A1}F:\nik\warcraft 3\war3.exe" = protocol=6 | dir=in | app=f:\nik\warcraft 3\war3.exe | 
"TCP Query User{9B69E640-6B54-4BAC-89CD-D50C95F92F47}D:\spiele von simon\call of duty 4\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele von simon\call of duty 4\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{AE055935-9630-49E5-BB02-DAB8E82D79EC}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{B30C9033-1474-479A-B8F4-BAB4D40FE7FE}C:\users\markus\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\markus\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{B7B43C68-CE03-4B55-A51E-3656DED7637D}D:\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=d:\thq\dawn of war\w40kwa.exe | 
"TCP Query User{CFF5B81F-C259-48EE-A364-7CF99F0A4F7B}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{D3167C3D-0E74-4F24-B6C6-BF8019174567}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{D70DDD83-7333-4FF2-BB73-7885C3B5DAE0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{DF3E3535-25BB-4D9B-80F2-70218E634C10}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{E02CF8DE-AB92-4F53-94EC-AC2CDFD566DB}C:\users\markus\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\markus\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{E72CDCFF-3A8A-45AA-BD8C-055FD2DD64FE}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{FA5BD1CE-EECC-4CA1-9CED-D3AA9CE370D7}C:\users\markus\desktop\spiele von simon\counter-strike 1.5\hl.exe" = protocol=6 | dir=in | app=c:\users\markus\desktop\spiele von simon\counter-strike 1.5\hl.exe | 
"UDP Query User{02A4617C-93FC-4AF7-96DF-856679F679E4}C:\users\markus\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\markus\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{03E16036-3AC3-491E-9CA9-390265CCC171}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{04A0C85D-5218-41BF-8F50-F0481942387B}D:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\sopcast\adv\sopadver.exe | 
"UDP Query User{24A8A584-0271-4477-BA01-B5FAB1A87005}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{25F0FF5C-9E0B-4F0D-950A-D6B8E91CA905}C:\users\markus\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\google\google earth\client\googleearth.exe | 
"UDP Query User{2D5C62F3-C563-488E-90D6-57CF50867DEA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{36BD8989-DDD7-4B13-BE74-653519FB1950}D:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\sopcast\sopcast.exe | 
"UDP Query User{39036088-636D-42BD-B304-645CD988EB15}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"UDP Query User{3EA59C20-3E65-4042-B484-8F8F7DFE602B}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{425D40B2-918E-41D8-A3DF-3C809C9089F3}D:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\sopcast\sopcast.exe | 
"UDP Query User{45A8F8DE-D26B-4700-A402-6FCB71B6CF7B}D:\spiele von simon\warcraft iii 1.23\war3.exe" = protocol=17 | dir=in | app=d:\spiele von simon\warcraft iii 1.23\war3.exe | 
"UDP Query User{4A30DC83-BACD-4FAD-90A8-36797FF4337D}C:\users\markus\desktop\spiele von simon\counter-strike 1.5\hl.exe" = protocol=17 | dir=in | app=c:\users\markus\desktop\spiele von simon\counter-strike 1.5\hl.exe | 
"UDP Query User{5493E6DD-6C9C-4A86-B6DE-EB89570CC74A}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{58B57B2A-BEF4-4AB9-A778-A98ACB17CE5C}D:\spiele von simon\call of duty 4\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele von simon\call of duty 4\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{61B1BA0A-CFBD-4E46-AF0C-14CC4F94B43B}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{661D3706-325D-4286-BA56-8D7601C1FEFA}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{6CA55492-9010-4087-BE03-567AF49D2B9E}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{6DAE1858-8F8C-4824-9F5A-2F642FD949FB}C:\users\markus\desktop\warcraft iii 1.23\war3.exe" = protocol=17 | dir=in | app=c:\users\markus\desktop\warcraft iii 1.23\war3.exe | 
"UDP Query User{757ADEE3-2F31-4BB6-99F2-2561C4DBF49D}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{75940362-D45B-4EA4-ACA6-67675F9FFBAF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{76BA172E-AC4D-4EDF-9698-A03DDFAF0F74}C:\program files\opera 10.60\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10.60\opera.exe | 
"UDP Query User{7988B7C5-1580-4F8D-A7A2-FB29D8F9EAE0}D:\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=d:\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{8932EEC2-EA84-4768-9FA1-B2785A6B17AD}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{8A5AC65B-5754-49FA-AD26-B8E654E1542D}D:\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=d:\thq\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{8D19F28B-A3CB-4B8D-B4D5-2E5F9E50AEE9}C:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{97E61A2C-97D7-4A2D-8044-423CD1245DB3}D:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\sopcast\adv\sopadver.exe | 
"UDP Query User{A9728CEE-5F37-4BF1-AB9C-EC742544BC0E}F:\nik\warcraft 3\war3.exe" = protocol=17 | dir=in | app=f:\nik\warcraft 3\war3.exe | 
"UDP Query User{C5FE5BB8-B6DD-4813-B7AF-4D3EF71C9D3A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{D0392448-2B61-43EC-B2C7-6A8ABEA441B8}D:\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=d:\thq\dawn of war\w40kwa.exe | 
"UDP Query User{D6CDCEBD-767C-4956-90DA-752174541677}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{D7CF836F-6DD2-4CFD-AF7C-3453D3845689}C:\users\markus\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\markus\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{D9BE335F-852A-44E8-857B-DE4F5822FC37}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{ED474F00-AA80-4103-8C56-B0A0E1AF7AD5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{FE9E3873-6A59-4F75-AD70-E1FDE1295158}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB035FB-4D93-42D6-AE33-BA2A5DF75050}" = CamSpy
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{8B12D5A1-E544-11D6-9D1C-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_04
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B265F77C-A0CF-4364-8C26-A0ADA16FA4F7}" = Nokia Mobile VPN Client Policy Tool
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ACDLabs in C__Program_Files_ACDFREE11_" = ACD/Labs Software in C:\Program Files\ACDFREE11\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"Eraser" = Eraser
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GSview 4.9" = GSview 4.9
"HijackThis" = HijackThis 2.0.2
"HTMLKit_is1" = HTML-Kit
"HyperCam 2" = HyperCam 2
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"IrfanView" = IrfanView (remove only)
"Java Web Start" = Java Web Start
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Nmap" = Nmap 5.00
"Nokia Ovi Suite" = Nokia Ovi Suite
"Opera 11.51.1087" = Opera 11.51
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SopCast" = SopCast 3.0.3
"StarCraft II" = StarCraft II
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"Trillian" = Trillian
"UnityWebPlayer" = Unity Web Player
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"uTorrent" = µTorrent
"VCam 3.1_is1" = VCam 3.1.1
"VLC media player" = VLC media player 1.1.4
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite" = Windows Live Essentials
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 15.10.2008 13:32:19 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 21.10.2008 17:04:42 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 21.10.2008 17:11:29 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 21.10.2008 19:00:16 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 14.01.2009 18:38:20 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 01.04.2009 11:39:40 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 20.06.2009 18:04:45 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 05.10.2009 04:47:14 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 22.03.2010 07:10:57 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
Error - 06.11.2010 11:38:49 | Computer Name = R560 | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 12.10.2011 19:09:13 | Computer Name = R560 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.10.2011 01:31:42 | Computer Name = R560 | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2011 01:50:34 | Computer Name = R560 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.10.2011 01:50:34 | Computer Name = R560 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.10.2011 09:10:35 | Computer Name = R560 | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2011 09:49:58 | Computer Name = R560 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.10.2011 09:49:58 | Computer Name = R560 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.10.2011 09:55:55 | Computer Name = R560 | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2011 09:58:44 | Computer Name = R560 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.10.2011 09:58:44 | Computer Name = R560 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 13.10.2011 09:10:35 | Computer Name = R560 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2011 09:10:35 | Computer Name = R560 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2011 09:11:20 | Computer Name = R560 | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 13.10.2011 09:12:21 | Computer Name = R560 | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 13.10.2011 09:55:28 | Computer Name = R560 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse
 001377AAC71E wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 13.10.2011 09:55:56 | Computer Name = R560 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2011 09:55:56 | Computer Name = R560 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2011 09:55:56 | Computer Name = R560 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2011 09:56:02 | Computer Name = R560 | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 13.10.2011 09:57:13 | Computer Name = R560 | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         

Ich hoffe einfach mal ihr könnt mir jetzt weiterhelfen.
Was muss ich fixen, was kann man da fixen?
Und schätze mal danach wäre dann einmal formatieren nicht verkehrt?

Schonmal vielen Dank im Voraus

Alt 16.10.2011, 14:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner in C:\$recycle.bin - Standard

Trojaner in C:\$recycle.bin



Zitat:
Der Scan zeigte nichts mehr :-)
Dann auch bitte ALLE Logs von Malwarebytes posten und nicht nur das letzte ohne Funde.
__________________

__________________

Antwort

Themen zu Trojaner in C:\$recycle.bin
antivirus, autorun, bho, bonjour, call of duty, ccsetup, entfernen, error, excel.exe, firefox, flash player, format, google, google earth, helper, hijack, home, iexplore.exe, mbamservice.exe, microsoft office word, nvlddmkm.sys, office 2007, realtek, recycle.bin, registry, rundll, safer networking, security, security update, server, shell32.dll, software, studio, svchost.exe, trojaner, version=1.0, video converter, vista, visual studio, windows, wlan



Ähnliche Themen: Trojaner in C:\$recycle.bin


  1. Trojaner BDS/ZeroAccess.Gen in Datei C:\Recycle.Bin\... von Avira Antivir erkannt und kommt immer wieder
    Log-Analyse und Auswertung - 01.06.2013 (21)
  2. TR/ATRAPS.Gen2 in C:\$Recycle.Bin\...\U\80000032.@ und TR/Sirefef.abx in C:\$Recycle.Bin\...\U\000000
    Log-Analyse und Auswertung - 05.04.2013 (19)
  3. Trojaner Sirefef.AG.9 u. Sirefef.AL.50 in C:\$Recycle.Bin\, Vista-Sicherheitscenter u. Firewall nach anschl. VistaUpdate nicht mehr startbar
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (41)
  4. 'TR/ATRAPS.Gen' in 'C:\$Recycle.Bin\...\80000000.@'
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (3)
  5. BDS\ZeroAccess in C:\$Recycle.Bin - Wie werde ich das los?
    Log-Analyse und Auswertung - 15.09.2012 (3)
  6. $RECYCLE.BIN in C:?? Trojaner??
    Plagegeister aller Art und deren Bekämpfung - 16.04.2012 (9)
  7. Trojaner im Recycle.bin, Datei nicht existend?
    Plagegeister aller Art und deren Bekämpfung - 14.10.2011 (20)
  8. Trojaner in $recycle.bin
    Plagegeister aller Art und deren Bekämpfung - 27.09.2011 (11)
  9. Trojaner 'PWS-Zbot.gen.gm' in 'C:\Recycle.Bin\Recycle.Bin.exe' - evtl. für Phishing verantwortlich?
    Plagegeister aller Art und deren Bekämpfung - 06.07.2011 (1)
  10. Ursprünge von recycle.bin/recycle.bin.exe
    Plagegeister aller Art und deren Bekämpfung - 01.07.2011 (6)
  11. TR/Kazy.24828 [trojan] in file 'C:\Recycle.Bin\Recycle.Bin.exe. gefunden.
    Plagegeister aller Art und deren Bekämpfung - 16.06.2011 (18)
  12. Trojanerbefall TR/Agent.ar.55 und TR/Jorik.SpyEyes.no; C:\Recycle.Bin\Recycle.Bin.exe
    Log-Analyse und Auswertung - 09.06.2011 (31)
  13. Recycle.Bin.exe
    Log-Analyse und Auswertung - 01.06.2011 (64)
  14. Trojaner gefunden, was nun? c:\Recycle.Bin\config.bin (Trojan.Spyeyes)
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (10)
  15. Deutsche Bank Trojaner c:\recycle.bin (Trojan.Spyeyes)
    Plagegeister aller Art und deren Bekämpfung - 20.05.2011 (37)
  16. Virus in C:\$recycle.bin?????
    Log-Analyse und Auswertung - 25.01.2011 (11)
  17. Trojaner in Registry: $Recycle.bin und System Volume Information auf C: und D:
    Plagegeister aller Art und deren Bekämpfung - 06.11.2009 (1)

Zum Thema Trojaner in C:\$recycle.bin - Hallo zusammen, ich hatte gestern routinemäßig Windows aktualisiert, da war dann auch das Tool zum entfernen bösartiger Software dabei. Das sagte mir dann, dass ein Trojaner auf meinem PC wäre - Trojaner in C:\$recycle.bin...
Archiv
Du betrachtest: Trojaner in C:\$recycle.bin auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.