Log analysis and evaluation: Trojan: "TR/PSW.Sinowal.Y.3585" / C:\Users\Jeinsen\kload63.VIR ... what now?
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.09.2011, 12:20 | #1 |
Trojan: "TR/PSW.Sinowal.Y.3585" / C:\Users\Jeinsen\kload63.VIR ... what now?

Hello dear board,

since I know absolutely nothing about trojans/viruses, I did not think it wise to follow the instructions in other posts without knowing whether they make sense in my particular case.

I switched on the computer this morning and kept getting the following AntiVir message: "TR/PSW.Sinowal.Y.3585". The path was something like "C:\Users\Jeinsen\APPData\Roaming"... unfortunately I can no longer say exactly, because after I had selected "Deny access" as the action in AntiVir umpteen times and nothing happened, I also chose the actions "Delete" and "Move to quarantine". After that, something apparently changed about the file causing the error message, and since then I always get the following path: "C:\Users\Jeinsen\kload63.VIR"!

While these constant virus messages kept coming, my PC was extremely slow and had severe delays. At the moment no more messages are appearing.

I then downloaded OTL and Defogger as described in the FAQ and ran their scans. They look as follows:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:33 on 21/09/2011 (Jeinsen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 21.09.2011 12:03:53 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Jeinsen\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,13% Memory free
16,21 Gb Paging File | 14,20 Gb Available in Paging File | 87,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 589,59 Gb Free Space | 63,29% Space Free | Partition Type: NTFS
Drive D: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JEINSEN-PC | User Name: Jeinsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.09.21 11:58:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jeinsen\Desktop\OTL.exe
PRC - [2011.09.10 13:09:13 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.08.02 05:57:18 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.05.30 20:58:32 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2010.11.22 14:38:53 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.05 16:30:47 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.23 23:21:03 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

========== Modules (No Company Name) ==========

MOD - [2011.09.10 13:09:13 | 014,407,976 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011.09.10 13:09:10 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011.09.10 13:09:10 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011.09.10 13:09:10 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011.09.10 13:09:10 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2010.11.22 14:38:53 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster\cache.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.09.10 13:09:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.05 16:30:47 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.23 23:21:03 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009.12.08 21:18:48 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008.09.08 05:11:58 | 001,018,368 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008.08.06 10:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.11.01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 D4 19 B8 ED 0A CA 01 [binary data]
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-354181412-4285545107-37138446-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.31 23:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.31 23:34:33 | 000,000,000 | ---D | M]

[2010.05.31 23:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Extensions
[2011.06.24 15:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions
[2010.07.01 14:22:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.17 17:54:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.24 15:47:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jeinsen\AppData\Roaming\mozilla\Firefox\Profiles\8vmdrahp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jeinsen\AppData\Roaming\Mozilla\Firefox\Profiles\8vmdrahp.default\searchplugins\icqplugin.xml
[2011.01.17 10:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.17 10:56:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NvCplDaemonTool] rundll32.exe C:\Windows\system32\kload63.dll,_IWMPEvents File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-354181412-4285545107-37138446-1000..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Jeinsen\kload63.dll,_IWMPEvents File not found
O4 - HKU\S-1-5-21-354181412-4285545107-37138446-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-354181412-4285545107-37138446-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeinsen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeinsen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-354181412-4285545107-37138446-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 83.169.186.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{171A20B0-4CD9-4B81-951D-5A66CCC23A8C}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.11 01:09:29 | 000,000,047 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{a839bf41-6d62-11de-96e5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a839bf41-6d62-11de-96e5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{b2b2f4d8-75ff-11de-aa8b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b2f4d8-75ff-11de-aa8b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010.09.11 01:09:30 | 002,508,760 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.09.21 11:58:44 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Jeinsen\Desktop\OTL.exe
[2011.09.21 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.09.21 11:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011.09.21 11:46:16 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jeinsen\Desktop\HJTInstall.exe
[2011.09.18 12:15:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.17 21:57:08 | 000,000,000 | R--D | C] -- C:\Users\Jeinsen\Dropbox
[2011.09.17 21:54:38 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.09.17 21:54:12 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Roaming\Dropbox
[2011.09.17 21:53:52 | 016,215,808 | ---- | C] (Dropbox, Inc.) -- C:\Users\Jeinsen\Desktop\Dropbox 1.1.45.exe
[2011.09.08 09:55:50 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\Desktop\Addons
[2011.08.28 10:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011.08.28 02:19:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011.08.27 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Roaming\Babylon
[2011.08.27 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Jeinsen\AppData\Local\Babylon
[2011.08.27 22:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.21 12:08:30 | 000,000,901 | ---- | M] () -- C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.09.21 11:58:48 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jeinsen\Desktop\OTL.exe
[2011.09.21 11:57:23 | 000,000,000 | ---- | M] () -- C:\Users\Jeinsen\defogger_reenable
[2011.09.21 11:56:47 | 000,050,477 | ---- | M] () -- C:\Users\Jeinsen\Desktop\Defogger.exe
[2011.09.21 11:47:06 | 000,001,928 | ---- | M] () -- C:\Users\Jeinsen\Desktop\HijackThis.lnk
[2011.09.21 11:46:17 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jeinsen\Desktop\HJTInstall.exe
[2011.09.21 11:18:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.21 10:48:28 | 000,000,680 | ---- | M] () -- C:\Users\Jeinsen\AppData\Local\d3d9caps.dat
[2011.09.21 10:47:58 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.21 10:47:57 | 000,037,109 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.21 10:47:45 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 10:47:45 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.21 10:47:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.21 10:47:43 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.09.21 10:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.18 12:22:31 | 001,467,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.18 12:22:31 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.18 12:22:31 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.18 12:22:31 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.18 12:22:31 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.17 21:57:08 | 000,000,983 | ---- | M] () -- C:\Users\Jeinsen\Desktop\Dropbox.lnk
[2011.09.17 21:54:05 | 016,215,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jeinsen\Desktop\Dropbox 1.1.45.exe
[2011.08.31 14:48:37 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.08.28 02:19:40 | 000,000,911 | ---- | M] () -- C:\Users\Jeinsen\Desktop\World of Warcraft-Installationsprogramm.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.21 11:57:23 | 000,000,000 | ---- | C] () -- C:\Users\Jeinsen\defogger_reenable
[2011.09.21 11:56:47 | 000,050,477 | ---- | C] () -- C:\Users\Jeinsen\Desktop\Defogger.exe
[2011.09.21 11:46:41 | 000,001,928 | ---- | C] () -- C:\Users\Jeinsen\Desktop\HijackThis.lnk
[2011.09.17 23:43:40 | 000,000,901 | ---- | C] () -- C:\Users\Jeinsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.09.17 21:57:08 | 000,000,983 | ---- | C] () -- C:\Users\Jeinsen\Desktop\Dropbox.lnk
[2011.08.28 02:19:40 | 000,000,911 | ---- | C] () -- C:\Users\Jeinsen\Desktop\World of Warcraft-Installationsprogramm.lnk
[2011.08.28 02:05:36 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.06.14 20:29:28 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.08 13:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.03.31 15:21:36 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.01.17 10:57:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.13 14:41:51 | 000,070,988 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.05.31 23:34:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.14 14:48:09 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009.12.28 18:54:17 | 000,048,128 | ---- | C] () -- C:\Users\Jeinsen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 20:32:27 | 000,123,732 | ---- | C] () -- C:\Windows\RollerCoaster Tycoon Uninstaller.exe
[2009.07.23 16:37:39 | 000,000,680 | ---- | C] () -- C:\Users\Jeinsen\AppData\Local\d3d9caps.dat
[2009.07.21 18:44:07 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009.07.10 17:23:05 | 000,024,414 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.10 17:11:14 | 000,001,460 | ---- | C] () -- C:\Users\Jeinsen\AppData\Local\d3d9caps64.dat
[2009.07.10 13:05:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.10 13:04:42 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.10 13:04:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.10 12:16:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.10 11:25:55 | 000,037,109 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.10 11:25:54 | 000,037,109 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dossec.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011.08.27 22:53:16 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Babylon
[2009.12.24 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Bioshock
[2011.09.18 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Dropbox
[2011.06.24 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.23 10:14:34 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\GetRightToGo
[2011.09.11 00:14:07 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\ICQ
[2010.09.21 11:11:29 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\LolClient
[2011.03.02 18:28:33 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\OpenCandy
[2011.02.02 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Systweak
[2011.05.15 23:20:58 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\TS3Client
[2010.05.29 19:42:22 | 000,000,000 | ---D | M] -- C:\Users\Jeinsen\AppData\Roaming\Uniblue
[2011.09.21 10:47:43 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011.09.20 17:35:03 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.07.10 17:11:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.10 13:54:52 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.09.18 18:21:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.10 17:09:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.10 11:22:19 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.11.24 22:44:19 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.31 15:07:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.21 11:46:41 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.27 22:53:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.10 17:09:52 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.21 12:05:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.07.10 17:11:13 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.14 16:30:59 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > < MD5 for: REGEDIT.EXE > < MD5 for: USERINIT.EXE > < MD5 for: WININIT.EXE > < MD5 for: WINLOGON.EXE > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.09.2011 12:03:53 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Jeinsen\Desktop 64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,13% Memory free 16,21 Gb Paging File | 14,20 Gb Available in Paging File | 87,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 589,59 Gb Free Space | 63,29% Space Free | Partition Type: NTFS Drive D: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JEINSEN-PC | User Name: Jeinsen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = E1 0B B4 13 DC 5B C8 01 [binary data] "VistaSp2" = DA E8 FF 60 55 01 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
(x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{BCB655A6-40EF-4E68-BE28-EAB944929902}C:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe | "TCP Query User{BF38CC3A-E907-4658-9293-D6688AE22D20}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | "TCP Query User{C43A0DD3-CED1-4301-BB66-2A6BB33C56F1}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{CC874943-3320-4AD9-B2DB-78B8FD257BB7}C:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe | "TCP Query User{D0D1FF93-A3A4-4983-9396-052A1EAABA37}C:\users\jeinsen\desktop\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\cod 2\cod2mp_s.exe | "TCP Query User{DBDFC3BF-5EA0-43E3-8F2D-B4CAAB6C8C78}C:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe | "TCP Query User{DE20A440-58CA-4ECC-89F6-8272B37E7557}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{E0EF57C7-2F69-4F4C-A872-D385B9623451}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{E7556AB4-3853-490D-98AF-AB171C9BC46B}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "TCP Query 
User{ECAB71FF-833F-4813-87DA-2E3387D5899D}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{EE1978B7-DE2B-4289-A3C4-86E2C579DF74}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | "TCP Query User{F6A4C589-0077-4A71-BE76-697BC6176474}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{FAFA110E-BA3F-424D-9AF2-9103CC517502}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | "UDP Query User{055109F2-78D5-4737-BB29-503F6FA99B80}C:\users\jeinsen\desktop\lan\games\dfbhd\dfbhd.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\dfbhd\dfbhd.exe | "UDP Query User{0BEAE87B-D026-40EA-A080-E9E52B3F367A}C:\users\jeinsen\desktop\warcraft iii (lan)\war3.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\warcraft iii (lan)\war3.exe | "UDP Query User{11D04BEB-00F6-4121-8D93-C05D1C6E73E8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{1C3FE5C7-4CFF-413C-B502-9255E7F5661A}C:\users\jeinsen\desktop\lan\games\worms world party\wwp.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\worms world party\wwp.exe | "UDP Query User{26BC498A-4706-4A78-8451-3332F33989E4}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "UDP Query User{2E2179C7-32FD-4F55-8CFA-447FC78AFE3F}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=17 | dir=in | 
app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | "UDP Query User{3EA37B34-7C89-4252-83B8-2A4370731B32}C:\users\jeinsen\desktop\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\cod 2\cod2mp_s.exe | "UDP Query User{54C65636-F5E1-4E26-BE06-101206C8E465}C:\users\jeinsen\desktop\lan\games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\mohaa\mohaa.exe | "UDP Query User{5DA702B5-F525-47D4-B777-1DBF19BED9A5}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | "UDP Query User{5E452619-CF43-42D4-9FC0-78E05C55808E}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | "UDP Query User{5E8D2262-B063-449F-A52A-6AFA6AE174E2}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{62681FEB-6724-454E-A15D-DDB1063DD9EB}C:\users\jeinsen\desktop\lan\games\insane\game.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\insane\game.exe | "UDP Query User{68BD5CEF-FB4E-4414-889A-EC227AD3D5AF}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{73EB146C-D1D1-4458-9BB6-0BE5B8D6E9FF}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "UDP Query User{79F1412B-584D-4B1A-B10B-94A865D5240E}E:\stuff\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\stuff\games\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{8007BFF0-3DD3-494A-9925-92E51075753A}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | "UDP Query 
User{803A3BEA-3F86-41EE-8A6F-961F67FAE915}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{8F6A5FFB-C523-46A3-A7A1-C9E7181042D5}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{911E4EDD-E25C-423C-A2AF-3AA80FCEDE2F}C:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\trackmania\tmunited.exe | "UDP Query User{91704EFF-CE94-401D-B4D8-884CCF98FCD3}C:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\warcraft iii\war3.exe | "UDP Query User{99079994-E8CF-4F3E-8A4A-A70436B23DF4}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{A45E9168-AD0B-4EF4-B27F-83A92A9DB592}C:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\day of defeat source\hl2.exe | "UDP Query User{A97AD7F9-E7E9-4794-A369-F8B0FFB92474}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{AB6EE02C-5336-423B-A958-73C701A37596}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | "UDP Query User{CE37C2D9-3662-4F9C-B43B-3BFF026A61A0}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{D35131E9-6B46-4580-824E-0CF5560910D1}C:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query 
User{D611E65A-7121-45EF-AFF3-44885452BE4E}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "UDP Query User{DE50E430-A11A-438A-B7EF-3BB1253A5C5F}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{E1128C65-D7F4-4FCC-A034-DE9B235363D4}C:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\niklasj91\counter-strike source\hl2.exe | "UDP Query User{E32DCE48-52F5-44ED-BC44-77E30A7896B6}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{E3D7258C-C954-45FE-A078-0D79FD7F5DC5}C:\users\jeinsen\desktop\lan\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\cod 2\cod2mp_s.exe | "UDP Query User{E59CB4EF-CC51-4E88-91C6-C40256F4AEF7}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | "UDP Query User{EE2025BB-F7AB-474E-855F-E396E0C4A955}C:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jeinsen\desktop\lan\games\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{FAC1453E-003F-4DA9-8512-C5796C257BF4}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language 
Pack "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "PK-PCSU_is1" = PC Beschleunigen [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{231E5C2B-8975-4E57-814B-BB137890C016}" = Europa Führerschein "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six 
Vegas "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE 
Redistributable "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602 "HijackThis" = HijackThis 2.0.2 "hon" = Heroes of Newerth "ICQToolbar" = ICQ Toolbar "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM) "League of Legends_is1" = League of Legends "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "PokerStars.net" = PokerStars.net "RollerCoaster Tycoon" = RollerCoaster Tycoon "StarCraft II" = StarCraft II "Steam App 20570" = Warhammer® 40,000â„¢: Dawn of War® II – Chaos Risingâ„¢ "Steam App 240" = Counter-Strike: Source "Steam App 300" = Day of Defeat: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TmUnited_is1" = TrackMania United 0.2.0.8 "Uniblue RegistryBooster" = Uniblue RegistryBooster "VLC media player" = VLC media player 1.0.3 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-354181412-4285545107-37138446-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "World of Logs Client" = World of Logs Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.08.2011 12:14:41 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.08.2011 12:14:41 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.08.2011 12:14:42 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 
13.08.2011 12:15:51 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.08.2011 12:15:51 | Computer Name = Jeinsen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.08.2011 05:35:10 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10 Description = Error - 14.08.2011 12:00:43 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10 Description = Error - 15.08.2011 04:29:51 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10 Description = Error - 15.08.2011 17:41:59 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10 Description = Error - 16.08.2011 05:21:43 | Computer Name = Jeinsen-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 20.09.2011 05:28:37 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 20.09.2011 05:51:04 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 20.09.2011 05:52:41 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 20.09.2011 06:30:28 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 20.09.2011 06:48:59 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 20.09.2011 07:54:47 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 21.09.2011 04:49:21 | Computer Name = Jeinsen-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21.09.2011 04:49:21 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 21.09.2011 04:49:46 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = Error - 21.09.2011 04:56:05 | Computer Name = Jeinsen-PC | Source = DCOM | ID = 10016 Description = < End of report >
and reinstall everything from scratch, which would be a real shame, because I currently have a lot of job interviews and important university documents on my PC!
Thank you; I hope I have described the problem adequately. |
21.09.2011, 15:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: "TR/PSW.Sinowal.Y.3585 / / /C:\Users\Jeinsen\kload63.VIR ...what now? As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! After that, please also run ESET, and then we will see how to proceed. ESET Online Scanner |