
Pests of all kinds and how to combat them: W32/PatchLoad.A and further trojans found

29.01.2012, 18:04   #1
korver26
 

Hello everyone,

after I opened an acquaintance's USB stick without scanning it first, Avira kept reporting detected malware non-stop. Since I could not get rid of the infected files even after numerous full scans with Avira, and I would like to avoid formatting, I am asking for your help.

OTL:

OTL logfile created on: 17.01.2012 18:54:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthias\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,87% Memory free
6,18 Gb Paging File | 5,41 Gb Available in Paging File | 87,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,09 Gb Total Space | 1,13 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
Drive D: | 199,00 Gb Total Space | 6,44 Gb Free Space | 3,23% Space Free | Partition Type: NTFS

Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.17 18:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Downloads\OTL.exe
PRC - [2012.01.14 23:01:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.09.07 11:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.11.12 22:33:04 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\DNA\btdna.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.01 21:42:40 | 001,655,552 | ---- | M] () -- C:\Programme\COMODO\Firewall\cfp.exe
PRC - [2008.05.22 15:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\SamSung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.25 19:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 19:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.17 13:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\SamSung\EBM\EasyBatteryMgr3.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.05 05:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.14 23:01:32 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.17 11:38:07 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.17 10:22:10 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.10.01 21:42:42 | 000,143,104 | ---- | M] () -- C:\Windows\System32\guard32.dll
MOD - [2008.10.01 21:42:40 | 001,655,552 | ---- | M] () -- C:\Programme\COMODO\Firewall\cfp.exe
MOD - [2008.01.21 03:24:02 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2007.08.14 11:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 11:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 11:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2006.08.12 10:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\SamSung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 10:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\SamSung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 10:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\SamSung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Samsung Update Plus)
SRV - File not found [Auto | Stopped] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [Auto | Stopped] -- -- (nvsvc)
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (cmdAgent)
SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- -- (Application Updater)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2010.07.29 17:58:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.21 03:23:43 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\System32\RIOUNIV.dll -- (mediamaxxlservice)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2009.12.07 20:43:14 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.17 09:44:11 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2008.11.17 09:44:11 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2008.11.17 09:44:11 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2008.11.17 09:44:11 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2008.10.12 22:55:36 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.10.01 21:42:42 | 000,085,008 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2008.10.01 21:42:42 | 000,073,232 | ---- | M] (COMODO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
DRV - [2008.10.01 21:42:42 | 000,025,104 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008.06.09 15:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.04.05 22:56:26 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2007.09.13 23:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.05.16 17:43:14 | 000,871,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\G220Vista.sys -- (athrusb6)
DRV - [2006.11.14 07:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2005.09.23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.14 23:01:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.17 11:34:59 | 000,000,000 | ---D | M]

[2008.10.19 13:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2011.12.21 09:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\251tenqt.default\extensions
[2009.09.25 22:11:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\251tenqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.19 16:37:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\251tenqt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(222)
[2012.01.14 23:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 09:53:08 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.12.21 09:53:18 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.01.14 23:01:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.17 11:34:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 09:16:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 09:16:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.03 09:16:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 09:16:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 09:16:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 09:16:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.31 12:21:01 | 000,001,295 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_15_Plus_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O4 - HKCU..\Run: [vasja] C:\Users\Matthias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MWS9XVV\35b05506dcef3bdff13a2c485c7b26e051fee7a76b9b62eab5b75b19561a107c[1] File not found
O4 - Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD3918D8-4438-4915-B598-9E132A2B6227}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Matthias\AppData\Local\360727e9\X) -C:\Users\Matthias\AppData\Local\360727e9\X ()
O24 - Desktop WallPaper: C:\Users\Matthias\Pictures\pi du bist cover.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\Pictures\pi du bist cover.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{41e3687f-aaa5-11df-9aec-0013776e8c51}\Shell\AutoRun\command - "" = xrWRew.ExE
O33 - MountPoints2\{41e3687f-aaa5-11df-9aec-0013776e8c51}\Shell\oPEN\CommaND - "" = xrwRew.EXE
O33 - MountPoints2\{480df03f-9121-11dd-a2cb-0013776e8c51}\Shell - "" = AutoRun
O33 - MountPoints2\{480df03f-9121-11dd-a2cb-0013776e8c51}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\AutoRun\command - "" = G:\dolly\\bejbe.exe
O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\explore\command - "" = G:\dolly\bejbe.exe
O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\install\command - "" = G:\dolly\bejbe.exe
O33 - MountPoints2\{614aa447-92bb-11dd-8c14-0013776e8c51}\Shell\open\command - "" = G:\dolly\bejbe.exe
O33 - MountPoints2\{a0bf23db-d2af-11de-93d6-0013776e8c51}\Shell\1\Command - "" = Recycled.exe
O33 - MountPoints2\{a0bf23db-d2af-11de-93d6-0013776e8c51}\Shell\2\Command - "" = Recycled.exe
O33 - MountPoints2\{a0bf23db-d2af-11de-93d6-0013776e8c51}\Shell\AutoRun\command - "" = Recycled.exe
O33 - MountPoints2\{dcd4daed-9902-11dd-ad2b-0013776e8c51}\Shell - "" = AutoRun
O33 - MountPoints2\{dcd4daed-9902-11dd-ad2b-0013776e8c51}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{f58aa37e-ddd7-11de-8900-0013776e8c51}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: mediamaxxlservice - C:\Windows\System32\RIOUNIV.dll (Iomega)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2012.01.08 15:38:47 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\AppData\Local\360727e9
[2011.12.20 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.12.20 20:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.12.20 20:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2006.11.24 22:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 22:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2012.01.17 18:50:02 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.01.17 18:49:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 18:49:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 18:49:42 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.17 18:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 18:49:34 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 18:48:16 | 000,000,020 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.01.09 14:47:57 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.01.08 15:06:42 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.08 15:06:42 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.08 15:06:42 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.08 15:06:42 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.05 15:20:02 | 000,080,384 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.21 15:26:22 | 000,001,958 | ---- | M] () -- C:\Users\Matthias\Desktop\signatur.jpg
[2011.12.20 21:09:59 | 000,492,135 | ---- | M] () -- C:\Users\Matthias\Desktop\fk internationales.pdf
[2011.12.20 21:08:09 | 000,025,414 | ---- | M] () -- C:\Users\Matthias\Desktop\Praktikum Buch Camp.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.17 18:47:52 | 000,000,020 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.01.14 23:03:45 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.14 23:00:24 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.21 15:26:22 | 000,001,958 | ---- | C] () -- C:\Users\Matthias\Desktop\signatur.jpg
[2011.12.20 21:09:59 | 000,492,135 | ---- | C] () -- C:\Users\Matthias\Desktop\fk internationales.pdf
[2011.12.20 21:08:09 | 000,025,414 | ---- | C] () -- C:\Users\Matthias\Desktop\Praktikum Buch Camp.pdf
[2011.10.12 07:20:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.07.31 12:23:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.07.31 12:23:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.07.31 12:23:46 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.07.31 12:23:46 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.07.31 12:23:46 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010.07.31 12:23:46 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010.07.25 11:07:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.07.25 11:07:22 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.01.29 11:21:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.01.14 17:36:21 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.01.14 17:36:21 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009.10.20 22:22:05 | 000,000,096 | ---- | C] () -- C:\Users\Matthias\AppData\Local\fusioncache.dat
[2008.11.15 22:13:32 | 000,000,386 | ---- | C] () -- C:\Windows\psnetwork.ini
[2008.11.15 22:13:32 | 000,000,074 | ---- | C] () -- C:\Windows\powerplayer.ini
[2008.11.15 22:13:32 | 000,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2008.11.12 18:12:04 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.10.03 20:19:44 | 000,080,384 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.02 00:12:34 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.02 00:12:18 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.02 00:06:41 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.10.01 23:55:46 | 000,000,135 | ---- | C] () -- C:\Windows\System32\lngEng.ini
[2008.10.01 23:55:46 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.10.01 23:45:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.01 23:43:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.10.01 23:43:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.10.01 21:42:43 | 000,143,104 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008.10.01 20:40:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.01 20:40:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.01 19:13:29 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.01.21 08:15:58 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.10 07:00:00 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2007.02.26 14:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.16 00:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.30 01:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.30 01:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,326,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 18:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll

========== LOP Check ==========

[2010.07.14 00:00:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\2K Sports
[2008.12.07 02:17:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\acccore
[2011.11.06 18:40:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\BitTorrent
[2008.10.12 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools
[2012.01.17 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DNA
[2009.09.22 23:06:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GetRightToGo
[2011.09.01 09:03:42 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010.07.25 11:16:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2010.07.16 21:50:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mirillis
[2008.12.18 18:08:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MyPhoneExplorer
[2011.11.17 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2010.07.16 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Panasonic
[2008.11.15 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ppstream
[2012.01.17 18:48:34 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2008.10.01 19:13:50 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.07.08 15:56:07 | 000,000,000 | ---D | M] -- C:\avs contents
[2008.10.01 19:53:17 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.08.24 23:31:33 | 000,000,000 | ---D | M] -- C:\dell
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.08.06 19:35:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.08.24 23:31:15 | 000,000,000 | ---D | M] -- C:\drivers
[2010.06.25 08:46:54 | 000,000,000 | ---D | M] -- C:\f2bf8f39d17e9fe954370c
[2008.08.24 23:31:55 | 000,000,000 | ---D | M] -- C:\i386
[2008.07.08 15:11:45 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.16 23:11:59 | 000,000,000 | ---D | M] -- C:\MC_TMP
[2008.07.08 15:39:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.07.08 15:26:32 | 000,000,000 | ---D | M] -- C:\MyWorks
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.20 20:52:53 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.17 11:35:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.08.06 19:35:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.07.08 15:36:25 | 000,000,000 | ---D | M] -- C:\Samsung
[2011.08.18 06:14:49 | 000,000,000 | -H-D | M] -- C:\suifysuidhg
[2012.01.17 18:58:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.10.01 19:13:27 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.08 15:38:03 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: AFD.SYS >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-06 09:19:15

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB60945$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >

Extras:

OTL Extras logfile created on: 17.01.2012 18:54:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthias\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,87% Memory free
6,18 Gb Paging File | 5,41 Gb Available in Paging File | 87,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,09 Gb Total Space | 1,13 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
Drive D: | 199,00 Gb Total Space | 6,44 Gb Free Space | 3,23% Space Free | Partition Type: NTFS

Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D81EB0E-DA43-4438-ACCE-287D7B88C397}" = lport=138 | protocol=17 | dir=in | app=system |
"{3758D63F-BF4D-498B-A165-D60B2F162040}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{405CA29F-E983-4724-A059-AD99F36B4D4B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{411579C5-67CD-454C-AD5D-6F8E380F3482}" = rport=138 | protocol=17 | dir=out | app=system |
"{418E927E-E81C-4203-BA42-2941AE690D02}" = lport=445 | protocol=6 | dir=in | app=system |
"{457392A2-E167-4B9A-B4AE-96B0CA1824F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{96992E1D-C323-4BAB-99C2-82E8D839C6CE}" = rport=139 | protocol=6 | dir=out | app=system |
"{C141CA80-AAAB-4B45-B6C4-EA27F1B505E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2F570F7-2902-46CE-AC28-E23BD278B668}" = lport=139 | protocol=6 | dir=in | app=system |
"{EEC854BD-ECDD-430D-ACDC-F52FCF9D0A1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC9A57C4-086F-46F9-A893-5E62E98F3A02}" = rport=137 | protocol=17 | dir=out | app=system |
"{FD7C8DAD-AA0D-4120-B2D7-0C1AE6F21973}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0457E381-A197-4E20-A96F-C357CAAB9820}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD3DA30-F0E9-4675-B142-46A17DDD4D5F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{0BE80420-B1F9-4774-BB5E-12EE6BBFCFD2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0D5008DD-D2A6-4446-B58F-46F4A3A7939F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{1048AAC5-9F97-41DE-8A5C-D05B08C6FF66}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{12D371EA-C7A7-4D76-B23F-D8A167CE67B9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1315D249-9D46-4792-B68C-AC1A4E00FB0C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{14307BB8-AA08-45DF-84EF-8813CC25D5F5}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{14BA75AB-1439-45A1-A4B1-399BDF45579A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1621A0EF-56D2-4FCC-80C3-FA7488797B6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{18E6D8CF-BCA5-4AFB-A48D-E614D6EE4755}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1A674C65-8A46-43C2-A8C8-1DD1A894084E}" = protocol=6 | dir=in | app=d:\games\pes2010\pes2010.exe |
"{1B219B8A-B572-4960-9D7F-7DCBF19BE0A4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{1C1DC933-3CB5-4E1E-B38D-F96132672497}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1D82303C-A973-4B4F-9E6E-B19973D27A6C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{1E70FB97-AA53-4E67-9791-C63BEF60388B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20061993-2D74-4204-BEC3-AD5953A1EADE}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{267DEB56-81E6-4E70-B9A0-A68B6056F771}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{26978B87-53FB-4692-A69E-D52F1068FD89}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{26E20C68-5545-4B4F-A04C-70133A72E66F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2ADA7EAC-A905-4A32-98BA-79B394D53780}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D8BB844-40E1-4DCD-BB27-8F4A86C645EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2F784243-0772-4B59-9DB7-A6A2B20E39D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FCB93AC-CC42-4C30-B655-3B549A62C7CF}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{30809BBF-BDFD-408D-B021-4A230ECB8FE9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{32C5BCBD-CC69-439C-9A2E-F24AD6A57BB3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{33B6E8A5-52A8-4D9E-92DF-80F0C2AB1B27}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{345AB714-AEE9-4B70-B08D-DA510A29DC90}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{35E28D68-EE1A-4A02-83F7-43883BF04A29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{377250EA-8EEF-444B-91A5-6ACDB76EB695}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{388B1ADD-91AC-4737-B639-8BEC8BCA5A24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AD24F3F-B18B-4F8E-9FCE-5158BEDA7B5E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3C42301F-3804-41ED-824D-6542795C1A67}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3D6486C8-F244-4A3A-93A0-979FE4601D40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{41EF3AF0-B56E-45F4-87DE-3A65D6FC3A00}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{42337004-D73F-4FF2-9017-71BAA3F20E3F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{45C39444-F4DC-4801-AB4E-BBCF999B7610}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{466B32C4-67EC-4F9B-925C-3926FEC3782B}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{478E9238-BCF9-436F-AD4C-94742287F154}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{4BB8E9F6-1031-49AF-B6EA-6E9D3F7A9633}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{4F508379-AE72-4796-BA78-1E7B1CC66F61}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{5167EBED-4F83-4CB7-AE2C-095BB2D5B470}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{516E2C64-DBCF-4307-B4B4-E99784D17685}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53656EF4-8A77-4D5E-A5B3-0B10347E3DCB}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{591649D2-BDE6-4CA0-8C9B-7DF90013E57D}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{5D5CAF7B-B43E-4AA4-A912-A9A2C790E1A1}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5E9AD099-A2CA-4034-AC1A-2D6D7A259607}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6508F088-0C76-4E77-BA39-DBED13671A5A}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{654321EB-F266-450F-9E99-185EABD3BECB}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{655A8DEC-47AA-4AB1-B48D-00BDB2041260}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{6AD26BA0-86B1-44BA-9087-B8932572C43C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{6DC12833-0BF1-493C-8763-507EC2DE2E0C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6DFBA6A9-B34D-4E90-80DF-22995741418F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{6EB029D0-BA2E-4414-B50C-E99BECC0C6AB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6F081F6E-824C-4E87-8DA1-79C62C2194EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{701B8C6A-D3EC-443C-837A-45E296D97E89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7162772E-3205-4200-A76E-DB961598431C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{71B5FD02-2324-4F48-ADBA-02E913387FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{7A48414E-E154-49D1-A31F-9A2ED96CDBFA}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7AB98D4C-B34D-4EC2-B907-3BE18956ECC8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{82BB5154-6D17-4C3F-904A-431215C3D01A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{880559A0-6F51-4CDE-B6A3-DD3A189B7A94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C353662-4691-4CD5-9FB5-66FCFD630C8E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{90518E9F-2D53-45E2-B155-F982AC77242F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{93E94AD7-3FC5-45DF-A0AC-811FCAE95B4B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9C9D46E0-0234-48CD-A7CE-8CB1A4B48149}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9D278C84-96E0-45D4-ADA1-B7B6257653B9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9D3EA30D-67A0-4568-B438-17CE4C65FC58}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{9E1884A9-95B0-45DB-9DCF-D943BCEDB87C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A07BD0D1-D351-4654-8DE8-6404B9351E12}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A1766E46-D12B-4622-B013-665A48D4E5A2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A1E16744-B5C8-4276-8B25-2C339E64664E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{A4859F63-EFFF-410D-AE42-6BBD6FC34D18}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{A9F3CCD6-AAA2-419C-91B2-258E63A8DBFE}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{AB6FBCA7-4C0E-499C-9E4E-7C438A175A4D}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{AC5DB681-E2EF-49D7-A3DA-E47DEB36CF66}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{AD15DA06-8926-43C9-8EB8-D2F85A0BD6D2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{AD45B47E-91D7-4F26-A455-4F1CEC2A622E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{AD482B4F-2B4A-4B7F-8DBD-0D9770DE769C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{AE485B51-0FDD-46EB-BC2D-E09F0658AF45}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{AFD4BF36-287B-40AB-9822-88ED6E4E7AED}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{AFFEB403-DEAF-4A6B-BFD3-0E80E50C65B1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{B5A01784-EB88-443E-A599-B9F153BB993C}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{B803D8D7-51F2-40B0-8D32-46AA420915F8}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{BADC9E24-EAFF-475F-A4B8-75ACF7B03547}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BD950C3F-9857-4061-9831-9045EDB3BC7F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BE6CC98F-DFEC-4A13-8427-8828F84599DE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{BEF0B7C2-EB0D-4DD9-A34E-E68ED38A3674}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{C1A00C60-FBEF-4779-A5DA-D9CBF785D5D9}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{C2A8F7E7-EB74-4DA9-BECF-1102D1D6A792}" = protocol=17 | dir=in | app=d:\games\pes2010\pes2010.exe |
"{C2E1FBA0-1383-4D89-99C0-AC1C263D10F2}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C37512B4-617B-4B31-BA04-7E471F4F485C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4105671-9991-45B8-917F-D56E87EF79F6}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{CE7950A5-DC81-44CE-861B-F2058B820020}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D314CDF6-54D8-4EC6-9FE0-36AFE1A6D9CB}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D3633E74-9DF3-4261-9495-5D428CCDCC57}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe |
"{D79A101A-D309-452E-8145-DA70C426BF05}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{E0B15651-0DF6-4510-BE39-08A1B33A6944}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E4061EF2-B839-4317-B715-ADEED46513DE}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{E4D009F8-923C-41B3-8F7D-98920696B8BC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E9AF8D87-D178-4A69-8DA7-07BA27229BBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9B01827-1DA2-439E-AA37-C8EBB76E3387}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EA3E8B97-4565-4F41-8B2E-CEFB70A1F5A6}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EE7D7F83-F8FD-4445-8C72-FA62449DB88A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F0BCF5A1-6B45-4CFA-8F0A-B90EB1B388C4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F1A32106-197E-4A96-BEA2-80CA42F32E6C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{F4925486-668A-4928-95B6-C17143DB69EF}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{F5459F7E-54BA-45ED-95E2-CEE1D73A0FFB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F62D1D53-5922-4495-9BDC-791B7FB8D52F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6718128-B00A-4C55-B768-A339DE1F6762}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{F71F6FA3-A8EB-4622-AC7F-15F9C368ABC1}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe |
"{F79A5798-D45E-4438-B6AD-FF45688FAA07}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F7E40294-5082-4264-B4FD-F460DDEF800A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F8C1552A-EE40-40C4-B8B6-37AE29542496}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FA71BEC0-0E37-440F-88CE-022E28A91B7F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FA7FE057-9599-4364-9038-15589F94C4D4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{0A79E258-15DB-40C5-8FD2-13FDD1359B83}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0F8D781C-6E6A-48CF-B9A0-3EFF481AD5C7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1B216D8A-A2B8-4F05-AF38-65529C6EABCE}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{22CC7741-0CA1-4EF7-8740-432F5F5719FA}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{274D7D2D-1B30-4E0E-82A5-7AC82EED259E}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{58DD89A2-3A1D-4237-A9EC-A5D914D0F556}D:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\games\nba2k10\nba2k10.exe |
"TCP Query User{87532B1B-C502-4D60-A235-47FFF4FD11CE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A879A4F2-F357-4527-BE4C-6E46E57EF0F2}C:\users\matthias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe |
"TCP Query User{B987F503-8BF7-4A60-94A2-69DB76CDF3C0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{C26BF490-97D1-4B78-9FFA-64BD16E2A91C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CC440787-8375-405D-BAB4-FB7EC2DF2CF8}D:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\games\nba2k10\nba2k10.exe |
"TCP Query User{D1E89AB1-B708-4939-A820-838674D592F0}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{DF9E434C-54C9-421C-98C0-DF2FFC3DEF6D}C:\users\matthias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe |
"TCP Query User{DFB30973-65A9-4EC2-B5E5-106EA8CD6EEC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E2165A83-3B44-4CA1-8A26-92E154436728}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{EEF05005-6BF7-456E-BE24-2884B1275091}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"TCP Query User{FB2BCE8A-1644-495F-8A5C-AD26ADC65968}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{0321C189-9FD9-4758-BBDF-9D2A6E93424F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{03764557-B324-4AB1-A707-1ED8B4E6CBD7}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{3FAFE6E5-AE21-4DCD-B53B-2AE8B7743047}C:\users\matthias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe |
"UDP Query User{54E9E826-7987-4671-9A5F-6B845040BCFA}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{552D2EB7-7289-4AEC-B20E-41906520F12F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{5C5137E1-C5C8-4994-B314-1B5120D3F9D3}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{61937566-D190-42F4-B031-F43CB60E9374}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{6342480A-8FE9-4FEC-9564-32F516AE5011}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6825B24A-FC8F-4733-A72E-D823B9510720}D:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\games\nba2k10\nba2k10.exe |
"UDP Query User{89C23EBF-1CD8-493A-9518-AC95F5884906}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{916ED359-38DF-4FA3-9A90-61242AC259F7}C:\users\matthias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe |
"UDP Query User{96D7AC1C-4D04-43B6-8A72-809696C5AA2C}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe |
"UDP Query User{990F559A-EEF2-4BEF-AB48-D0A28E4792B2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9F2E9091-22E8-4865-842E-6AC090E7AE03}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{A4E13806-496A-406F-92AC-962D9E85B430}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{D2BA4248-F757-442C-A17D-2BFDB8B644BD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F88818F6-DECA-4507-852C-E2BE4F9E10FE}D:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\games\nba2k10\nba2k10.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"AIM_6" = AIM
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Firewall Pro" = COMODO Firewall Pro
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"GNU Backgammon_is1" = GNU Backgammon 0.15-stable (20061119 code)
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"IrfanView" = IrfanView (remove only)
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 15 Plus Download-Version D" = MAGIX Video deluxe 15 Plus Download-Version 8.0.2.4 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PPStream_is1" = PPStream
"RealAlt_is1" = Real Alternative 2.0.2
"SopCast" = SopCast 3.0.3
"Soulseek" = SoulSeek Client 156c
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.01.2012 05:27:59 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07.01.2012 05:48:05 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.01.2012 05:55:53 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 07.01.2012 23:50:33 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.01.2012 23:50:34 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 08.01.2012 07:36:18 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 08.01.2012 07:36:24 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09.01.2012 08:58:57 | Computer Name = Matthias-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AppleMobileDeviceService.exe, Version 2.50.39.0,
Zeitstempel 0x4a5d2d41, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00402747, Prozess-ID 0x7e0,
Anwendungsstartzeit 01cccece729087ab.

Error - 09.01.2012 08:59:32 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.01.2012 09:12:13 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

29.01.2012, 18:14   #2
Psychotic
/// Malwareteam
 
I am working on your topic and will get back to you with further instructions as quickly as possible.

Please note that all of my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience.

Regards,
PsYcHoTiC

29.01.2012, 18:30   #3
korver26
 
Sorry for posting the Extras and Gmer logs directly now, but my zipped attachments keep being rejected here as invalid files.

Extras: OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.01.2012 18:54:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Matthias\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,87% Memory free
6,18 Gb Paging File | 5,41 Gb Available in Paging File | 87,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 89,09 Gb Total Space | 1,13 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
Drive D: | 199,00 Gb Total Space | 6,44 Gb Free Space | 3,23% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D81EB0E-DA43-4438-ACCE-287D7B88C397}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3758D63F-BF4D-498B-A165-D60B2F162040}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{405CA29F-E983-4724-A059-AD99F36B4D4B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{411579C5-67CD-454C-AD5D-6F8E380F3482}" = rport=138 | protocol=17 | dir=out | app=system | 
"{418E927E-E81C-4203-BA42-2941AE690D02}" = lport=445 | protocol=6 | dir=in | app=system | 
"{457392A2-E167-4B9A-B4AE-96B0CA1824F9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{96992E1D-C323-4BAB-99C2-82E8D839C6CE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C141CA80-AAAB-4B45-B6C4-EA27F1B505E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2F570F7-2902-46CE-AC28-E23BD278B668}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EEC854BD-ECDD-430D-ACDC-F52FCF9D0A1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC9A57C4-086F-46F9-A893-5E62E98F3A02}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FD7C8DAD-AA0D-4120-B2D7-0C1AE6F21973}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0457E381-A197-4E20-A96F-C357CAAB9820}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0BD3DA30-F0E9-4675-B142-46A17DDD4D5F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{0BE80420-B1F9-4774-BB5E-12EE6BBFCFD2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{0D5008DD-D2A6-4446-B58F-46F4A3A7939F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{1048AAC5-9F97-41DE-8A5C-D05B08C6FF66}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{12D371EA-C7A7-4D76-B23F-D8A167CE67B9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{1315D249-9D46-4792-B68C-AC1A4E00FB0C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{14307BB8-AA08-45DF-84EF-8813CC25D5F5}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{14BA75AB-1439-45A1-A4B1-399BDF45579A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{1621A0EF-56D2-4FCC-80C3-FA7488797B6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{18E6D8CF-BCA5-4AFB-A48D-E614D6EE4755}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{1A674C65-8A46-43C2-A8C8-1DD1A894084E}" = protocol=6 | dir=in | app=d:\games\pes2010\pes2010.exe | 
"{1B219B8A-B572-4960-9D7F-7DCBF19BE0A4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{1C1DC933-3CB5-4E1E-B38D-F96132672497}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{1D82303C-A973-4B4F-9E6E-B19973D27A6C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe | 
"{1E70FB97-AA53-4E67-9791-C63BEF60388B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20061993-2D74-4204-BEC3-AD5953A1EADE}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{267DEB56-81E6-4E70-B9A0-A68B6056F771}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{26978B87-53FB-4692-A69E-D52F1068FD89}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{26E20C68-5545-4B4F-A04C-70133A72E66F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2ADA7EAC-A905-4A32-98BA-79B394D53780}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D8BB844-40E1-4DCD-BB27-8F4A86C645EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2F784243-0772-4B59-9DB7-A6A2B20E39D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FCB93AC-CC42-4C30-B655-3B549A62C7CF}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{30809BBF-BDFD-408D-B021-4A230ECB8FE9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{32C5BCBD-CC69-439C-9A2E-F24AD6A57BB3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{33B6E8A5-52A8-4D9E-92DF-80F0C2AB1B27}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{345AB714-AEE9-4B70-B08D-DA510A29DC90}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{35E28D68-EE1A-4A02-83F7-43883BF04A29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{377250EA-8EEF-444B-91A5-6ACDB76EB695}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{388B1ADD-91AC-4737-B639-8BEC8BCA5A24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3AD24F3F-B18B-4F8E-9FCE-5158BEDA7B5E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{3C42301F-3804-41ED-824D-6542795C1A67}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{3D6486C8-F244-4A3A-93A0-979FE4601D40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{41EF3AF0-B56E-45F4-87DE-3A65D6FC3A00}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{42337004-D73F-4FF2-9017-71BAA3F20E3F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{45C39444-F4DC-4801-AB4E-BBCF999B7610}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{466B32C4-67EC-4F9B-925C-3926FEC3782B}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{478E9238-BCF9-436F-AD4C-94742287F154}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{4BB8E9F6-1031-49AF-B6EA-6E9D3F7A9633}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe | 
"{4F508379-AE72-4796-BA78-1E7B1CC66F61}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{5167EBED-4F83-4CB7-AE2C-095BB2D5B470}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{516E2C64-DBCF-4307-B4B4-E99784D17685}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53656EF4-8A77-4D5E-A5B3-0B10347E3DCB}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{591649D2-BDE6-4CA0-8C9B-7DF90013E57D}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{5D5CAF7B-B43E-4AA4-A912-A9A2C790E1A1}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{5E9AD099-A2CA-4034-AC1A-2D6D7A259607}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{6508F088-0C76-4E77-BA39-DBED13671A5A}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{654321EB-F266-450F-9E99-185EABD3BECB}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{655A8DEC-47AA-4AB1-B48D-00BDB2041260}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{6AD26BA0-86B1-44BA-9087-B8932572C43C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{6DC12833-0BF1-493C-8763-507EC2DE2E0C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{6DFBA6A9-B34D-4E90-80DF-22995741418F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{6EB029D0-BA2E-4414-B50C-E99BECC0C6AB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{6F081F6E-824C-4E87-8DA1-79C62C2194EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{701B8C6A-D3EC-443C-837A-45E296D97E89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7162772E-3205-4200-A76E-DB961598431C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{71B5FD02-2324-4F48-ADBA-02E913387FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{7A48414E-E154-49D1-A31F-9A2ED96CDBFA}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{7AB98D4C-B34D-4EC2-B907-3BE18956ECC8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{82BB5154-6D17-4C3F-904A-431215C3D01A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{880559A0-6F51-4CDE-B6A3-DD3A189B7A94}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C353662-4691-4CD5-9FB5-66FCFD630C8E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{90518E9F-2D53-45E2-B155-F982AC77242F}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{93E94AD7-3FC5-45DF-A0AC-811FCAE95B4B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{9C9D46E0-0234-48CD-A7CE-8CB1A4B48149}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{9D278C84-96E0-45D4-ADA1-B7B6257653B9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{9D3EA30D-67A0-4568-B438-17CE4C65FC58}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{9E1884A9-95B0-45DB-9DCF-D943BCEDB87C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{A07BD0D1-D351-4654-8DE8-6404B9351E12}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{A1766E46-D12B-4622-B013-665A48D4E5A2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{A1E16744-B5C8-4276-8B25-2C339E64664E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{A4859F63-EFFF-410D-AE42-6BBD6FC34D18}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{A9F3CCD6-AAA2-419C-91B2-258E63A8DBFE}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{AB6FBCA7-4C0E-499C-9E4E-7C438A175A4D}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{AC5DB681-E2EF-49D7-A3DA-E47DEB36CF66}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{AD15DA06-8926-43C9-8EB8-D2F85A0BD6D2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{AD45B47E-91D7-4F26-A455-4F1CEC2A622E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{AD482B4F-2B4A-4B7F-8DBD-0D9770DE769C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe | 
"{AE485B51-0FDD-46EB-BC2D-E09F0658AF45}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{AFD4BF36-287B-40AB-9822-88ED6E4E7AED}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{AFFEB403-DEAF-4A6B-BFD3-0E80E50C65B1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{B5A01784-EB88-443E-A599-B9F153BB993C}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{B803D8D7-51F2-40B0-8D32-46AA420915F8}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{BADC9E24-EAFF-475F-A4B8-75ACF7B03547}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{BD950C3F-9857-4061-9831-9045EDB3BC7F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{BE6CC98F-DFEC-4A13-8427-8828F84599DE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{BEF0B7C2-EB0D-4DD9-A34E-E68ED38A3674}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C1A00C60-FBEF-4779-A5DA-D9CBF785D5D9}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{C2A8F7E7-EB74-4DA9-BECF-1102D1D6A792}" = protocol=17 | dir=in | app=d:\games\pes2010\pes2010.exe | 
"{C2E1FBA0-1383-4D89-99C0-AC1C263D10F2}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{C37512B4-617B-4B31-BA04-7E471F4F485C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4105671-9991-45B8-917F-D56E87EF79F6}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{CE7950A5-DC81-44CE-861B-F2058B820020}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D314CDF6-54D8-4EC6-9FE0-36AFE1A6D9CB}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{D3633E74-9DF3-4261-9495-5D428CCDCC57}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nba 2k9\nba2k9.exe | 
"{D79A101A-D309-452E-8145-DA70C426BF05}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{E0B15651-0DF6-4510-BE39-08A1B33A6944}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{E4061EF2-B839-4317-B715-ADEED46513DE}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{E4D009F8-923C-41B3-8F7D-98920696B8BC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E9AF8D87-D178-4A69-8DA7-07BA27229BBD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9B01827-1DA2-439E-AA37-C8EBB76E3387}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{EA3E8B97-4565-4F41-8B2E-CEFB70A1F5A6}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{EE7D7F83-F8FD-4445-8C72-FA62449DB88A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F0BCF5A1-6B45-4CFA-8F0A-B90EB1B388C4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{F1A32106-197E-4A96-BEA2-80CA42F32E6C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{F4925486-668A-4928-95B6-C17143DB69EF}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{F5459F7E-54BA-45ED-95E2-CEE1D73A0FFB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{F62D1D53-5922-4495-9BDC-791B7FB8D52F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F6718128-B00A-4C55-B768-A339DE1F6762}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{F71F6FA3-A8EB-4622-AC7F-15F9C368ABC1}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{F79A5798-D45E-4438-B6AD-FF45688FAA07}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{F7E40294-5082-4264-B4FD-F460DDEF800A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{F8C1552A-EE40-40C4-B8B6-37AE29542496}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{FA71BEC0-0E37-440F-88CE-022E28A91B7F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{FA7FE057-9599-4364-9038-15589F94C4D4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{0A79E258-15DB-40C5-8FD2-13FDD1359B83}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0F8D781C-6E6A-48CF-B9A0-3EFF481AD5C7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{1B216D8A-A2B8-4F05-AF38-65529C6EABCE}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{22CC7741-0CA1-4EF7-8740-432F5F5719FA}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"TCP Query User{274D7D2D-1B30-4E0E-82A5-7AC82EED259E}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{58DD89A2-3A1D-4237-A9EC-A5D914D0F556}D:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\games\nba2k10\nba2k10.exe | 
"TCP Query User{87532B1B-C502-4D60-A235-47FFF4FD11CE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{A879A4F2-F357-4527-BE4C-6E46E57EF0F2}C:\users\matthias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe | 
"TCP Query User{B987F503-8BF7-4A60-94A2-69DB76CDF3C0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{C26BF490-97D1-4B78-9FFA-64BD16E2A91C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CC440787-8375-405D-BAB4-FB7EC2DF2CF8}D:\games\nba2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\games\nba2k10\nba2k10.exe | 
"TCP Query User{D1E89AB1-B708-4939-A820-838674D592F0}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"TCP Query User{DF9E434C-54C9-421C-98C0-DF2FFC3DEF6D}C:\users\matthias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe | 
"TCP Query User{DFB30973-65A9-4EC2-B5E5-106EA8CD6EEC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{E2165A83-3B44-4CA1-8A26-92E154436728}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{EEF05005-6BF7-456E-BE24-2884B1275091}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{FB2BCE8A-1644-495F-8A5C-AD26ADC65968}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{0321C189-9FD9-4758-BBDF-9D2A6E93424F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{03764557-B324-4AB1-A707-1ED8B4E6CBD7}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{3FAFE6E5-AE21-4DCD-B53B-2AE8B7743047}C:\users\matthias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe | 
"UDP Query User{54E9E826-7987-4671-9A5F-6B845040BCFA}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"UDP Query User{552D2EB7-7289-4AEC-B20E-41906520F12F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{5C5137E1-C5C8-4994-B314-1B5120D3F9D3}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{61937566-D190-42F4-B031-F43CB60E9374}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"UDP Query User{6342480A-8FE9-4FEC-9564-32F516AE5011}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{6825B24A-FC8F-4733-A72E-D823B9510720}D:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\games\nba2k10\nba2k10.exe | 
"UDP Query User{89C23EBF-1CD8-493A-9518-AC95F5884906}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{916ED359-38DF-4FA3-9A90-61242AC259F7}C:\users\matthias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\matthias\program files\dna\btdna.exe | 
"UDP Query User{96D7AC1C-4D04-43B6-8A72-809696C5AA2C}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{990F559A-EEF2-4BEF-AB48-D0A28E4792B2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{9F2E9091-22E8-4865-842E-6AC090E7AE03}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{A4E13806-496A-406F-92AC-962D9E85B430}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"UDP Query User{D2BA4248-F757-442C-A17D-2BFDB8B644BD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F88818F6-DECA-4507-852C-E2BE4F9E10FE}D:\games\nba2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\games\nba2k10\nba2k10.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"AIM_6" = AIM
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Firewall Pro" = COMODO Firewall Pro
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"GNU Backgammon_is1" = GNU Backgammon 0.15-stable (20061119 code)
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"IrfanView" = IrfanView (remove only)
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 15 Plus Download-Version D" = MAGIX Video deluxe 15 Plus Download-Version 8.0.2.4 (D)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PPStream_is1" = PPStream
"RealAlt_is1" = Real Alternative 2.0.2
"SopCast" = SopCast 3.0.3
"Soulseek" = SoulSeek Client 156c
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2012 05:27:59 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.01.2012 05:48:05 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2012 05:55:53 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.01.2012 23:50:33 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.01.2012 23:50:34 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.01.2012 07:36:18 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.01.2012 07:36:24 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.01.2012 08:58:57 | Computer Name = Matthias-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AppleMobileDeviceService.exe, Version 2.50.39.0,
 Zeitstempel 0x4a5d2d41, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00402747,  Prozess-ID 0x7e0, 
Anwendungsstartzeit 01cccece729087ab.
 
Error - 09.01.2012 08:59:32 | Computer Name = Matthias-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2012 09:12:13 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 13:51:15 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

29.01.2012, 18:36   #4
korver26

OK, now it worked after all. I apologize for my last post. Please just ignore it.

Thanks in advance!

29.01.2012, 21:43   #5
Psychotic
/// Malwareteam

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the faster and always the safest route.

If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If problems occur, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup (unless you were asked to).
  • Read the instructions through completely first. If anything is unclear, ask before you start.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. Attachments make the analysis harder for me.


Vista and Win7 users
Start all tools with a right-click and "Run as administrator".


Is this a legal version?
Quote:
Adobe Premiere Pro CS4

__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM are ignored!

30.01.2012, 09:25   #6
korver26

Adobe Premiere CS is an original version.

I zipped the logs because that is what I read in the instructions. Otherwise they would not fit in a thread either, since they exceed the maximum number of characters.

Should I split them across several replies?

30.01.2012, 12:39   #7
Psychotic
/// Malwareteam

No, please do not attach anything more - we have the information we need!


Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart

simply restart the computer. This should fix the problem.

02.02.2012, 09:53   #8
Psychotic
/// Malwareteam

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore receive no notification of new replies. The disappearance of the symptoms does not mean that your system is already clean.

03.02.2012, 09:50   #9
Psychotic
/// Malwareteam

No response
This topic has been removed from my subscriptions. I therefore get no notification of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread
