Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.09.2011, 12:20   #1
Infuse
 
Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun? - Standard

Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun?



Hallo Liebes Board,

da ich absolut keine Ahnung von Trojanern/ Vieren habe, hielt ich es nicht für klug die Anweisungen anderer Posts zu befolgen ohne zu wissen, ob sie in meinem speziellen Fall sinnvoll sind oder nicht.

Ich habe heute morgen den Rechner angeschaltet und ständig folgende Antivirmeldung erhalten :"TR/PSW.Sinowal.Y.3585" Der Pfad dazu war etwas wie "C:\Users\Jeinsen\APPData\Roaming"...
ich kann es leider nicht mehr genau sagen, denn nachdem ich zig mal "Zugriff Verweigern" als Befehl bei Antivier ausgewählt hatte und nichts passierte, wählte ich auch die Befehle "Löschen" und " in Quarantäne verschieben".
Danach änderte sich scheinbar etwas an der Fehlermeldung verursachenden Datei und seither bekomme ich immer folgenden Pfad"C:\Users\Jeinsen\kload63.VIR !
Mein Pc ist während diese ständigen Virusmeldungen kamen extrem langsam gewesen und hatte starke Delays. Jetzt kommen momentan keine Meldungen mehr.
Ich habe daraufhin wie im FAQ beschrieben OTL und Defogger heruntergeladen und ihre Scans ausgeführt.
Diese sehen wie folgt aus:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:33 on 21/09/2011 (Jeinsen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL
Code:
ATTFilter
OTL logfile created on: 21.09.2011 12:03:53 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Jeinsen\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,13% Memory free
16,21 Gb Paging File | 14,20 Gb Available in Paging File | 87,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 589,59 Gb Free Space | 63,29% Space Free | Partition Type: NTFS
Drive D: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JEINSEN-PC | User Name: Jeinsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.21 11:58:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jeinsen\Desktop\OTL.exe
PRC - [2011.09.10 13:09:13 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.08.02 05:57:18 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.05.30 20:58:32 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2010.11.22 14:38:53 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.05 16:30:47 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.23 23:21:03 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.10 13:09:13 | 014,407,976 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011.09.10 13:09:10 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011.09.10 13:09:10 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011.09.10 13:09:10 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011.09.10 13:09:10 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2010.11.22 14:38:53 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster\cache.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.10 13:09:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.05 16:30:47 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.23 23:21:03 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2009.12.08 21:18:48 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008.09.08 05:11:58 | 001,018,368 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008.08.06 10:26:08 | 000,174,592 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.11.01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 D4 19 B8 ED 0A CA 01  [binary data]
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.31 23:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.31 23:34:33 | 000,000,000 | ---D | M]
 
[2010.05.31 23:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Extensions
[2011.06.24 15:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions
[2010.07.01 14:22:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.17 17:54:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.24 15:47:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jeinsen\AppData\Roaming\Mozilla\Firefox\Profiles\8vmdrahp.default\searchplugins\icqplugin.xml
[2011.01.17 10:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.17 10:56:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\kload63.dll,_IWMPEvents File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-354181412-4285545107-37138446-1000..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Jeinsen\kload63.dll,_IWMPEvents File not found
O4 - HKU\S-1-5-21-354181412-4285545107-37138446-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-354181412-4285545107-37138446-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeinsen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeinsen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{171A20B0-4CD9-4B81-951D-5A66CCC23A8C}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.11 01:09:29 | 000,000,047 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{a839bf41-6d62-11de-96e5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a839bf41-6d62-11de-96e5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{b2b2f4d8-75ff-11de-aa8b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b2f4d8-75ff-11de-aa8b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010.09.11 01:09:30 | 002,508,760 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.21 11:58:44 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Jeinsen\Desktop\OTL.exe
[2011.09.21 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.09.21 11:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011.09.21 11:46:16 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jeinsen\Desktop\HJTInstall.exe
[2011.09.18 12:15:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.17 21:57:08 | 000,000,000 | R--D | C] -- C:\Users\Jeinsen\Dropbox
[2011.09.17 21:54:38 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.09.17 21:54:12 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Roaming\Dropbox
[2011.09.17 21:53:52 | 016,215,808 | ---- | C] (Dropbox, Inc.) -- C:\Users\Jeinsen\Desktop\Dropbox 1.1.45.exe
[2011.09.08 09:55:50 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\Desktop\Addons
[2011.08.28 10:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011.08.28 02:19:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011.08.27 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Roaming\Babylon
[2011.08.27 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Local\Babylon
[2011.08.27 22:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.21 12:08:30 | 000,000,901 | ---- | M] () -- C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.09.21 11:58:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jeinsen\Desktop\OTL.exe
[2011.09.21 11:57:23 | 000,000,000 | ---- | M] () -- C:\Users\Jeinsen\defogger_reenable
[2011.09.21 11:56:47 | 000,050,477 | ---- | M] () -- C:\Users\Jeinsen\Desktop\Defogger.exe
[2011.09.21 11:47:06 | 000,001,928 | ---- | M] () -- C:\Users\Jeinsen\Desktop\HijackThis.lnk
[2011.09.21 11:46:17 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jeinsen\Desktop\HJTInstall.exe
[2011.09.21 11:18:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.21 10:48:28 | 000,000,680 | ---- | M] () -- C:\Users\Jeinsen\AppData\Local\d3d9caps.dat
[2011.09.21 10:47:58 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.21 10:47:57 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.21 10:47:45 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 10:47:45 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 10:47:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.21 10:47:43 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.09.21 10:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.18 12:22:31 | 001,467,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.18 12:22:31 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.18 12:22:31 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.18 12:22:31 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.18 12:22:31 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.17 21:57:08 | 000,000,983 | ---- | M] () -- C:\Users\Jeinsen\Desktop\Dropbox.lnk
[2011.09.17 21:54:05 | 016,215,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jeinsen\Desktop\Dropbox 1.1.45.exe
[2011.08.31 14:48:37 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.08.28 02:19:40 | 000,000,911 | ---- | M] () -- C:\Users\Jeinsen\Desktop\World of Warcraft-Installationsprogramm.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.21 11:57:23 | 000,000,000 | ---- | C] () -- C:\Users\Jeinsen\defogger_reenable
[2011.09.21 11:56:47 | 000,050,477 | ---- | C] () -- C:\Users\Jeinsen\Desktop\Defogger.exe
[2011.09.21 11:46:41 | 000,001,928 | ---- | C] () -- C:\Users\Jeinsen\Desktop\HijackThis.lnk
[2011.09.17 23:43:40 | 000,000,901 | ---- | C] () -- C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.09.17 21:57:08 | 000,000,983 | ---- | C] () -- C:\Users\Jeinsen\Desktop\Dropbox.lnk
[2011.08.28 02:19:40 | 000,000,911 | ---- | C] () -- C:\Users\Jeinsen\Desktop\World of Warcraft-Installationsprogramm.lnk
[2011.08.28 02:05:36 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.06.14 20:29:28 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.08 13:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.03.31 15:21:36 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.01.17 10:57:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.13 14:41:51 | 000,070,988 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.31 23:34:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.14 14:48:09 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009.12.28 18:54:17 | 000,048,128 | ---- | C] () -- C:\Users\Jeinsen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 20:32:27 | 000,123,732 | ---- | C] () -- C:\Windows\RollerCoaster Tycoon Uninstaller.exe
[2009.07.23 16:37:39 | 000,000,680 | ---- | C] () -- C:\Users\Jeinsen\AppData\Local\d3d9caps.dat
[2009.07.21 18:44:07 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009.07.10 17:23:05 | 000,024,414 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.10 17:11:14 | 000,001,460 | ---- | C] () -- C:\Users\Jeinsen\AppData\Local\d3d9caps64.dat
[2009.07.10 13:05:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.10 13:04:42 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.10 13:04:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.10 12:16:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.10 11:25:55 | 000,037,109 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.10 11:25:54 | 000,037,109 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dossec.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.08.27 22:53:16 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Babylon
[2009.12.24 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Bioshock
[2011.09.18 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Dropbox
[2011.06.24 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.23 10:14:34 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\GetRightToGo
[2011.09.11 00:14:07 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\ICQ
[2010.09.21 11:11:29 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\LolClient
[2011.03.02 18:28:33 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\OpenCandy
[2011.02.02 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Systweak
[2011.05.15 23:20:58 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\TS3Client
[2010.05.29 19:42:22 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Uniblue
[2011.09.21 10:47:43 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011.09.20 17:35:03 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.07.10 17:11:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.10 13:54:52 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.09.18 18:21:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.10 17:09:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.10 11:22:19 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.11.24 22:44:19 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.31 15:07:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.21 11:46:41 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.27 22:53:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.10 17:09:52 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.21 12:05:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.07.10 17:11:13 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.14 16:30:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
OTL Extras:
Code:
ATTFilter
OTL Extras logfile created on: 21.09.2011 12:03:53 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Jeinsen\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,13% Memory free
16,21 Gb Paging File | 14,20 Gb Available in Paging File | 87,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 589,59 Gb Free Space | 63,29% Space Free | Partition Type: NTFS
Drive D: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JEINSEN-PC | User Name: Jeinsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = E1 0B B4 13 DC 5B C8 01  [binary data]
"VistaSp2" = DA E8 FF 60 55 01 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B57B48-8A46-4EBD-8B8C-79BFE3E62B5D}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{08ECCD77-490C-493E-82B2-5656B7ED68DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{09E8CB96-6EE3-4444-A02F-BFB313630A52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1450B2CE-38B1-4CDF-A4C7-C63E7625E028}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1938658F-E567-4B14-AECE-9812053038BD}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{1A25076D-69B2-4B33-A0FE-363CC04C19BB}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{2A8DB9A4-D7E7-4346-B4CB-84AB98CECE3B}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher | 
"{2B76695E-2082-4AAA-B542-4CCCAF03353E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E95E7CE-0316-44E5-AA44-3B1E18C0EE87}" = rport=139 | protocol=6 | dir=out | app=system | 
"{33B1C6DF-F82D-4EA0-969E-09FBCC233450}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{3499E99A-56B2-4192-B996-C6AA135ABE3B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3951DABB-BDB5-49A2-BE53-94CD17A537A9}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{3D9A3E3B-8143-4CB0-AE4F-54E7516B9540}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{40C36D40-16EA-40D6-BA95-9D5DB587330E}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher | 
"{49BB125E-5F4E-4319-8A2D-5A9612AFCF1D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4CFABE9B-0B30-4C0B-AA99-A926A7ED7DE9}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{5A869440-F47A-441D-B45E-19AA9E592F0A}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | 
"{666717AE-001E-4872-97A6-B5AED4E563B6}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | 
"{693675E4-78D9-456D-8FE0-1EEB6E9EB945}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{6A143D58-C2DE-4CE8-BAF2-8F8D84C06951}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6C0174D0-81E9-4FCF-89BC-BDFC908AB460}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C83F6FC-B409-45AF-A539-FA2F06AF3751}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6E451734-0713-441C-889F-30010D962077}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{74E2EBD1-CF9F-45FB-B626-DFC1E7E2B4D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78EE7094-1B9B-4FAF-8628-FCF63F7BC057}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{79D6A8F1-4198-4CE6-BD43-907EC445D9C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7A9B1569-B5F3-4BBD-95E6-E0524027CCA5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D1CFBF6-23A3-412B-AE52-4A766FB52363}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{7FEA5935-4C11-4670-B16D-7BA6EE36A645}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{8D6231E9-973E-4C90-9C8A-574D28857D70}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{91B5F41C-845B-4A03-AA71-718DAF692EC3}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher | 
"{A05EE6BB-85CB-4E0F-83C9-31249F59C73E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A1E4B357-D723-4DC7-B249-8020B737DB21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5291C41-F546-4B8E-8302-17739B845938}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AF84EA83-A575-4967-9E4F-C2C3B2EBEFD9}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{B083E986-8A8C-4448-A3F4-3FFF52577162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B11E0AA7-C750-4351-8471-DD9F1633AB65}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{BDE0D5C0-6D27-44C7-BC5B-67465C5152FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C52CA314-A569-4A02-ADA1-511DEEB2F82F}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{C5D2AB6F-3F2E-4EF4-A06B-A56B78FF3A03}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{CBFF0136-54A1-419A-AA81-E49E438A4552}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CCA15831-16D9-4793-983B-4857C53F8AEB}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher | 
"{CEE7AB8B-2712-4E02-B32C-7B65D0D30864}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{D29310D0-A535-4500-8067-24C037E6D355}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF936A58-1638-4FE5-B25A-B8B2DAC02925}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{E13963B0-4EC2-40EB-A1D1-4E8A418685A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EBBC678F-F281-42EF-906F-AA16FF59CC5E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F3DF208C-5EA5-4BF0-976D-603C2F53BDE7}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{F6C2D591-7874-4D73-9425-6C1175926A23}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F95F52C2-AE19-4770-9205-5D9205C8DFAE}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{FCE2BA67-35B8-4304-95AF-86981F526C16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FEEFD1BA-87AF-4585-BD58-F8A24171695C}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C10FBA-63B9-4E37-A7B9-39F51708B300}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{01D1B240-BBB5-4A9C-9D1F-8B2DDA33D916}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{02ED87E7-8915-4CDE-9921-3749D9520773}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{04026A57-FB62-459B-9D27-82A4475DABCA}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{042B4B2F-7EF7-47C4-B0FD-CB391899B5D9}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{105C2037-3AA4-4C7C-B10A-3DFBB21CA2A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1253A87E-1ECF-45E7-8727-556368A025DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{12F0AE1E-4D59-40B7-84FE-11D0534D46C2}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{156A94B5-85CD-47BB-90E3-35BCD56A9E33}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{163DD763-1596-4A8A-85C0-7758253696D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{16A7CBDF-FDC6-4DBE-B3FF-3A9A3D3E46F5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1819075E-AEBD-4246-8A57-2E4F21935C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{187A3B24-398F-40A7-9DC2-E06CF9FC2F37}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1A268948-3689-4D42-A4EF-1C1F81E2001C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A46454C-A4BD-4A6D-96DE-31EFF0C748FC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1A663DED-6C5E-44B4-9513-5B7D48D912F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{20B7EF90-F0B7-4962-959F-3187E5BE4286}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe | 
"{24697827-9DC2-49CB-93CD-3A55E05152A8}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{24FFCDAD-1FAA-4A51-B87E-78ACEA429EA3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"{2581691F-86B5-43D2-A480-5D85D33BD3FF}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{26F828F9-7F64-4B4B-9792-776865A7D2C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D68DF7E-E4B1-4E1E-AE42-6848F72D260E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E842588-6236-449A-B704-15DF6FDC6E39}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{3090C661-D4AC-4CBF-8452-2CF41B6D09FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3134C2BE-1625-49BA-845C-364259EE991A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B1F9F57-B5A6-4F3E-9F95-AAB07857CFDC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{3C1C1E53-44B2-4B24-B064-7BB8D0DA81EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C9EEEFF-E975-4AD6-B9E9-AF3496C60F9B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{4145BD2B-9F47-4347-A488-9F1FC8AB5228}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{4610299D-A108-42C8-ACB1-27165B640EAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{466282FB-87F1-4D0D-8AAC-14DC11E06E22}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{48BF2868-DD7F-40BD-B61D-D7565D93F165}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4E1E422C-3244-4C06-AB79-4480F5852221}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{4FE54F9E-23B6-45EF-A478-5CE1409FEA50}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{55D1B4B7-DA65-4E38-A35B-7B7B39ABD41D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{571BFD1E-F636-479D-9578-F3C708CA9CB7}" = protocol=6 | dir=out | app=system | 
"{58AB9B6B-8DB2-49F0-BEBA-5E53B84B245C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{590A7E75-6F49-4F11-A295-E461192A0412}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C6CB038-0410-4A4F-AAB9-B9472022D718}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{5F06E43B-C58C-4DD0-B318-A47612BC85C6}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{6223D45F-38D0-41E9-BC3D-DD37DC578DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{655B9E97-D8CF-46A1-832B-30A9F0892FA6}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{65BD44C6-9FF6-4D44-8B3F-8F9D12634ABA}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{664DD19B-FD4F-4CC3-B9A8-B2004730D792}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{6AA9C707-A6C9-402E-BC72-106EFB551B5D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{6BC354E1-2001-42A6-AECC-492BA574B570}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{6E8862F7-42B9-41B4-862E-6AF89A716776}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"{70DBA89A-7C1F-43BA-9B7F-31AF37209994}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{72189A6C-F2D2-4500-8D50-4A00AEFDDCFC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{73505ED7-CE22-4C81-8DDE-ED3852AA8F6B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{762AC233-303F-455E-A6D5-FC20ADB17DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7DA060DF-08E1-4225-BE02-BD58CD2A2379}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{85963F48-0970-48F5-BBB8-E024F6E646B4}" = protocol=17 | dir=in | app=c:\users\jeinsen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{86385068-3AD5-4A39-9BCC-FD9C6B17FBD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A0955BD-1ADB-4AD7-B24C-3E42422809EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C843471-C7AD-441E-A3A4-D6DE9DB2E9C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe | 
"{9E504191-34D3-412B-87C9-4D82A0154A25}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{9F1AFD34-CD2B-4AF2-BF51-44FDC2F1A9D9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{A088F399-0DA4-40AC-94F7-5AC92C87B9FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{A14AA9EF-9031-409B-A040-4FA736782AB8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A226FD95-94F2-4FA0-9B9E-5DEC1C27CDCE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{B3D9D966-8DC3-4BA4-954F-F15A75D285BC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe | 
"{B5403B0C-0D75-496C-8C06-5B3C63014067}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_launcher.exe | 
"{B7FEEF77-40B4-46C8-8C2E-02CED356EDF9}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{B9771492-892A-48FE-B1DA-659AE8136846}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{C00DD128-28B6-42A3-8E3C-4E15AA9E2270}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{C16D7190-E5A4-4CF1-BCBB-8D82A7DC5C07}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"{C49D2B91-134F-4141-9A39-3063AD068C0F}" = protocol=6 | dir=in | app=c:\users\jeinsen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C4AD6766-7328-4857-867F-6B812141C453}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C7C7DEB4-E3E7-4FCA-BACE-B3468CBE7F5D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C8BE7B6A-614B-4465-820A-4DF9EED45531}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"{CA2E8FE3-18AA-4218-BFFB-021B6C708EF6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D21CB244-9756-400B-B6ED-76F32E47E705}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{D8040CCC-A9E1-4D46-B34F-9A69A04F1DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's rainbow six vegas\binaries\r6vegas_launcher.exe | 
"{DAEB99E0-49D5-41CD-B290-9D2835E5F054}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{DB4FDC52-E2A7-4169-9B2B-A6C72AFF5586}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E1E9C2D4-6CB1-4B9C-9938-1106B3178803}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{E39335FF-4CC7-442E-A62E-B47568C472EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E67860D3-B579-424D-A7FF-AF78AB241BEE}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{F07145FD-F6E4-4471-86DD-50A6A85A10C8}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{F2DE61FB-952E-44BA-876A-C05630A05F1A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{FA43EE7F-F65C-4549-9A1B-6ABBE06B4A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe | 
"{FA9AC21F-5214-47E0-AC4B-97E8F4B7FFC0}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{FB7B5DFD-50A8-4F3B-B711-157F544F84F3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FBA9D747-AB95-4168-B702-7B1A551A6349}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"TCP Query User{03D24B6C-4064-46EA-8A5E-F2574FAC5C41}E:\stuff\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\stuff\games\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{03F9B10B-53A5-4930-9B5F-354EC20081A8}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{05B6746A-679B-46A6-BB6D-5D17A5D0BD6A}C:\users\jeinsen\desktop\lan\games\dfbhd\dfbhd.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\dfbhd\dfbhd.exe | 
"TCP Query User{1A56FAF9-0FD1-4C43-827B-F0AE5755E63B}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{20F06A03-DB0D-4E7E-B355-0E91C61B1BFC}C:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{221FBE84-AB9E-400B-95E5-2995EEA26978}C:\users\jeinsen\desktop\warcraft iii (lan)\war3.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\warcraft iii (lan)\war3.exe | 
"TCP Query User{2330B5C1-9905-43F0-ABAE-4AA39E187B76}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{2FA1DCD1-372B-40B0-BC30-8DC658ED50EC}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{3A4E7AA4-C271-432A-84A6-F48571D742E0}C:\users\jeinsen\desktop\lan\games\worms world party\wwp.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\worms world party\wwp.exe | 
"TCP Query User{4C3CB885-0F1E-4C16-8ACB-DBFAC8593F87}C:\users\jeinsen\desktop\lan\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\cod 2\cod2mp_s.exe | 
"TCP Query User{4F53EF8D-6213-4065-A2E0-CD0C25CD65A9}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{50CE36D7-2BBB-4E21-95EA-A27A2826D545}C:\users\jeinsen\desktop\lan\games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\mohaa\mohaa.exe | 
"TCP Query User{59562EEA-678E-498D-9DB4-F5ABC0B82F7D}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{59CE48A8-F0A3-47A5-A310-FDEE11CAD032}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{66B01652-546C-4AF5-A982-A3186EF85648}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{71F64158-23C6-480E-9409-3E344740963D}C:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{80E90C35-9852-4F37-A7EE-D73E8F50A437}C:\users\jeinsen\desktop\lan\games\insane\game.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\insane\game.exe | 
"TCP Query User{9410D85B-BFF8-4891-A702-F6AD730E8681}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{A2293ECD-3FF6-468D-8F37-A0410EE49DCC}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{A765B077-E34B-40D0-A490-29954F642655}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"TCP Query User{B4F6D539-DDB4-44E9-9C95-66BDA4C5BF48}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{BCB655A6-40EF-4E68-BE28-EAB944929902}C:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe | 
"TCP Query User{BF38CC3A-E907-4658-9293-D6688AE22D20}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | 
"TCP Query User{C43A0DD3-CED1-4301-BB66-2A6BB33C56F1}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{CC874943-3320-4AD9-B2DB-78B8FD257BB7}C:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe | 
"TCP Query User{D0D1FF93-A3A4-4983-9396-052A1EAABA37}C:\users\jeinsen\desktop\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\cod 2\cod2mp_s.exe | 
"TCP Query User{DBDFC3BF-5EA0-43E3-8F2D-B4CAAB6C8C78}C:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe | 
"TCP Query User{DE20A440-58CA-4ECC-89F6-8272B37E7557}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{E0EF57C7-2F69-4F4C-A872-D385B9623451}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{E7556AB4-3853-490D-98AF-AB171C9BC46B}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"TCP Query User{ECAB71FF-833F-4813-87DA-2E3387D5899D}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{EE1978B7-DE2B-4289-A3C4-86E2C579DF74}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | 
"TCP Query User{F6A4C589-0077-4A71-BE76-697BC6176474}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{FAFA110E-BA3F-424D-9AF2-9103CC517502}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{055109F2-78D5-4737-BB29-503F6FA99B80}C:\users\jeinsen\desktop\lan\games\dfbhd\dfbhd.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\dfbhd\dfbhd.exe | 
"UDP Query User{0BEAE87B-D026-40EA-A080-E9E52B3F367A}C:\users\jeinsen\desktop\warcraft iii (lan)\war3.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\warcraft iii (lan)\war3.exe | 
"UDP Query User{11D04BEB-00F6-4121-8D93-C05D1C6E73E8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{1C3FE5C7-4CFF-413C-B502-9255E7F5661A}C:\users\jeinsen\desktop\lan\games\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\worms world party\wwp.exe | 
"UDP Query User{26BC498A-4706-4A78-8451-3332F33989E4}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{2E2179C7-32FD-4F55-8CFA-447FC78AFE3F}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | 
"UDP Query User{3EA37B34-7C89-4252-83B8-2A4370731B32}C:\users\jeinsen\desktop\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\cod 2\cod2mp_s.exe | 
"UDP Query User{54C65636-F5E1-4E26-BE06-101206C8E465}C:\users\jeinsen\desktop\lan\games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\mohaa\mohaa.exe | 
"UDP Query User{5DA702B5-F525-47D4-B777-1DBF19BED9A5}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{5E452619-CF43-42D4-9FC0-78E05C55808E}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{5E8D2262-B063-449F-A52A-6AFA6AE174E2}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{62681FEB-6724-454E-A15D-DDB1063DD9EB}C:\users\jeinsen\desktop\lan\games\insane\game.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\insane\game.exe | 
"UDP Query User{68BD5CEF-FB4E-4414-889A-EC227AD3D5AF}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{73EB146C-D1D1-4458-9BB6-0BE5B8D6E9FF}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{79F1412B-584D-4B1A-B10B-94A865D5240E}E:\stuff\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\stuff\games\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{8007BFF0-3DD3-494A-9925-92E51075753A}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{803A3BEA-3F86-41EE-8A6F-961F67FAE915}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{8F6A5FFB-C523-46A3-A7A1-C9E7181042D5}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{911E4EDD-E25C-423C-A2AF-3AA80FCEDE2F}C:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe | 
"UDP Query User{91704EFF-CE94-401D-B4D8-884CCF98FCD3}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | 
"UDP Query User{99079994-E8CF-4F3E-8A4A-A70436B23DF4}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{A45E9168-AD0B-4EF4-B27F-83A92A9DB592}C:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe | 
"UDP Query User{A97AD7F9-E7E9-4794-A369-F8B0FFB92474}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{AB6EE02C-5336-423B-A958-73C701A37596}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{CE37C2D9-3662-4F9C-B43B-3BFF026A61A0}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D35131E9-6B46-4580-824E-0CF5560910D1}C:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{D611E65A-7121-45EF-AFF3-44885452BE4E}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{DE50E430-A11A-438A-B7EF-3BB1253A5C5F}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{E1128C65-D7F4-4FCC-A034-DE9B235363D4}C:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe | 
"UDP Query User{E32DCE48-52F5-44ED-BC44-77E30A7896B6}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{E3D7258C-C954-45FE-A078-0D79FD7F5DC5}C:\users\jeinsen\desktop\lan\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\cod 2\cod2mp_s.exe | 
"UDP Query User{E59CB4EF-CC51-4E88-91C6-C40256F4AEF7}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{EE2025BB-F7AB-474E-855F-E396E0C4A955}C:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{FAC1453E-003F-4DA9-8512-C5796C257BF4}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PK-PCSU_is1" = PC Beschleunigen
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{231E5C2B-8975-4E57-814B-BB137890C016}" = Europa Führerschein
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"League of Legends_is1" = League of Legends
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PokerStars.net" = PokerStars.net
"RollerCoaster Tycoon" = RollerCoaster Tycoon
"StarCraft II" = StarCraft II
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmUnited_is1" = TrackMania United 0.2.0.8
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"World of Logs Client" = World of Logs Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.08.2011 12:14:41 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2011 12:14:41 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2011 12:14:42 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2011 12:15:51 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.08.2011 12:15:51 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.08.2011 05:35:10 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2011 12:00:43 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2011 04:29:51 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2011 17:41:59 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 05:21:43 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.09.2011 05:28:37 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 20.09.2011 05:51:04 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 20.09.2011 05:52:41 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 20.09.2011 06:30:28 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 20.09.2011 06:48:59 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 20.09.2011 07:54:47 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 21.09.2011 04:49:21 | Computer Name = Jeinsen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.09.2011 04:49:21 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 21.09.2011 04:49:46 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 21.09.2011 04:56:05 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
Ich hoffe mir kann jemand schnell und einfach erklären, wie ich das wieder in Ordnung bringe oder ob es nur hilft den PC einmal komplett platt zu machen
und alles wieder neu draufzuspielen, was sehr schade wäre,
denn ich habe momentan viele Vorstellungsgespräche und wichtige Unidokumente auf meinen PC!

Ich Danke und hoffe, dass Problem ausreichend beschrieben zu haben.

Alt 21.09.2011, 15:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun? - Standard

Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun?



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Führe danach auch bitte ESET aus, danach sehen wir weiter.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.
__________________

__________________

Antwort

Themen zu Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun?
64-bit, antivirus, autorun, avira, bho, c:\windows\system32\rundll32.exe, call of duty, converter, counter-strike source, downloader, error, fehlermeldung, firefox, format, grand theft auto, helper, hijack, home, intranet, langsam, league of legends, logfile, mp3, problem, realtek, rundll, shortcut, software, svchost.exe, teamspeak, trojaner, udp, vdeck.exe, vista



Ähnliche Themen: Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun?


  1. Problem beim Starten: "C:\Users\xxx\AppData\Local\Image Camera\Bin\ImageCamera.dll"
    Plagegeister aller Art und deren Bekämpfung - 19.10.2015 (9)
  2. "TR/Dldr.Agent.1169920.4 in c:\windows\temp\db22.exe" & "ADWARE\InstallCore.771128 in c:\Users\Julian\Downloads\openal-2.0.7.0.exe"
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (9)
  3. C:\users\"user"\app data\...\xeepi.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2014 (3)
  4. "rootkit.Boot.Sinowal.b" eingefangen!
    Log-Analyse und Auswertung - 22.09.2013 (8)
  5. Trojaner "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat via Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (7)
  6. Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe"
    Log-Analyse und Auswertung - 05.06.2013 (10)
  7. "JS: pdfka-gen [Expl]" in "C:\Users\***\AppData\Local\Temp\plugtmp-44\plugin-dare.php"
    Log-Analyse und Auswertung - 19.03.2013 (13)
  8. "PUP.OfferBundler.ST" in \Users\Mama_Papa\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe
    Log-Analyse und Auswertung - 29.09.2012 (13)
  9. "AcroIEHelpe163.dll" in C:\Users\Hendrik\AppData\Roaming\, TR/Rogue.kdv.666318
    Log-Analyse und Auswertung - 08.08.2012 (5)
  10. C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Fehlermeldung
    Log-Analyse und Auswertung - 08.07.2012 (5)
  11. Fehlermeldung:"Problem beim Starten von C:\Users\user\AppData\Local\Temp\ch810.exe"
    Log-Analyse und Auswertung - 14.05.2012 (27)
  12. "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  13. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  14. Bootsektor Virus "BOO/Sinowal.A"
    Log-Analyse und Auswertung - 01.04.2009 (29)
  15. Bootsektor Virus "BOO/Sinowal.C"
    Plagegeister aller Art und deren Bekämpfung - 30.12.2008 (1)
  16. Wie entferne ich einen "BOO/Sinowal.A-Virus" der im MBR ist?
    Plagegeister aller Art und deren Bekämpfung - 01.07.2008 (13)
  17. "all users\gemeinsame..." verschieben, aber wie???
    Alles rund um Windows - 09.05.2005 (3)

Zum Thema Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun? - Hallo Liebes Board, da ich absolut keine Ahnung von Trojanern/ Vieren habe, hielt ich es nicht für klug die Anweisungen anderer Posts zu befolgen ohne zu wissen, ob sie in - Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun?...
Archiv
Du betrachtest: Trojaner:"TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.