|
Log-Analyse und Auswertung: Windows System gefährdet - 50 Euro bezahlenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.04.2012, 09:22 | #1 |
| Windows System gefährdet - 50 Euro bezahlen Hallo, mich hat es offenbar auch erwischt - war wohl auf der falschen Seite, denn nach dem Aufpoppen eines Werbebanners, meckerte zuerst Malwarebytes und dann wurde der Bildschirm schwarz mit dem o.g. Hinweis und einem Fenster, wo ich bezahlen kann. Folgt man dem Link ist im Hintergrund dann eine deutsche Flagge zu sehen und mehrere Bezahloptionen werden angeboten. Ein Scan mit Malwarebytes und Antivir ergab nichts - ebenso nicht mit der Kaspersky Rescue Disc. Lustigerweise kann man den Virus offenbar austricksen, denn wenn ich die Onlineverbindung kappe und das Kabel ziehe, kann ich den Rechner normal hochfahren. Verbinde ich den Rechner dann wieder mit dem Internet (Stecker wieder rein) dauert es ca. 5-10 Minuten und das Fenster kommt wieder. Bis dahin kann ich fast normal arbeiten. Im abgesicherten Modus passiert gar nichts - also normal. Hier sind die OTL Logdateien. Wäre prima, wenn mir jemand helfen könnte - vielen Dank schon mal im voraus. Lg NGD OLT.txt: OTL logfile created on: 06.04.2012 09:57:53 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\NewGoldDream\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 7,16 Gb Available Physical Memory | 89,50% Memory free 16,05 Gb Paging File | 15,40 Gb Available in Paging File | 96,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 781,25 Gb Total Space | 266,68 Gb Free Space | 34,13% Space Free | Partition Type: NTFS Drive D: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: NEWGOLDDREAM-PC | User Name: NewGoldDream | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\NewGoldDream\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 1B F6 60 21 6F CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.30 01:26:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011.06.16 23:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NewGoldDream\AppData\Roaming\mozilla\Extensions [2012.02.11 20:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.05 23:57:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.30 01:26:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.29 08:51:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.29 08:51:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.29 08:51:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.29 08:51:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.29 08:51:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.29 08:51:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Winload = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk\2.0.1.4_0\ CHR - Extension: Google Mail = C:\Users\NewGoldDream\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2011.06.16 15:56:03 | 000,001,250 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [DIMUpdate wird heruntergeladen...1300677038363] C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe (Corel Corporation) O4 - HKCU..\Run: [SkypePM] C:\Users\NewGoldDream\AppData\Local\Skype\SkypePM.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A8F9246-AA30-4A7A-B769-A3C7FD6CA700}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.06 09:35:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\NewGoldDream\Desktop\OTL.exe [2012.04.05 15:54:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.04.02 01:55:02 | 000,000,000 | ---D | C] -- C:\Users\NewGoldDream\Desktop\schwarzer stick [2012.03.30 23:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.03.30 23:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome ========== Files - Modified Within 30 Days ========== [2012.04.06 09:56:59 | 001,560,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.06 09:56:59 | 000,670,586 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.06 09:56:59 | 000,631,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.06 09:56:59 | 000,144,186 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.06 09:56:59 | 000,118,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.06 09:54:37 | 000,001,356 | ---- | M] () -- C:\Users\NewGoldDream\AppData\Local\d3d9caps.dat [2012.04.06 09:52:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.06 09:35:26 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\NewGoldDream\Desktop\OTL.exe [2012.04.06 09:28:10 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.06 09:28:10 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.06 09:28:09 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.06 09:01:10 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.05 15:02:28 | 000,001,866 | ---- | M] () -- C:\Users\NewGoldDream\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.04.05 15:02:28 | 000,001,795 | ---- | M] () -- C:\Users\NewGoldDream\Desktop\Avira DE-Cleaner.lnk [2012.03.30 23:03:14 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.03.30 23:01:30 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.03.30 01:22:06 | 000,195,072 | ---- | M] () -- C:\Users\NewGoldDream\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.16 22:04:33 | 000,000,132 | ---- | M] () -- C:\Users\NewGoldDream\AppData\Roaming\Adobe PNG Format CS5 Prefs ========== Files Created - No Company Name ========== [2012.04.05 15:02:28 | 000,001,866 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.04.05 15:02:28 | 000,001,795 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\Avira DE-Cleaner.lnk [2012.03.30 23:03:14 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.03.30 23:01:30 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.03.08 07:11:48 | 012,656,437 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\karte_innen_final_n.jpg [2012.03.08 07:11:48 | 012,144,322 | ---- | C] () -- C:\Users\NewGoldDream\Desktop\karte_aussen_final_n.jpg [2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.30 15:34:40 | 000,000,132 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.08.20 15:12:44 | 000,000,132 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.08.14 22:40:39 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.08.14 22:39:30 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.06.18 20:47:44 | 000,001,356 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Local\d3d9caps.dat [2011.06.15 23:20:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.06.14 21:57:42 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.06.14 21:57:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.06.14 21:57:41 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.06.14 21:57:41 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.06.14 21:57:40 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.06.14 19:16:00 | 001,539,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.14 18:40:57 | 000,195,072 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.14 18:27:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.14 18:03:26 | 000,000,732 | ---- | C] () -- C:\Users\NewGoldDream\AppData\Local\d3d9caps64.dat ========== LOP Check ========== [2011.06.16 14:23:04 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\Canneverbe Limited [2011.06.16 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.03.23 00:08:47 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\FileZilla [2011.12.21 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\Inkscape [2011.12.13 00:56:49 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\LibreOffice [2011.08.23 12:35:47 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\PACE Anti-Piracy [2011.06.19 04:07:16 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\TS3Client [2011.06.14 20:01:19 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\wargaming.net [2011.06.14 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\NewGoldDream\AppData\Roaming\WinBatch [2012.04.06 09:48:53 | 000,028,076 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL extras OTL Extras logfile created on: 06.04.2012 09:57:53 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\NewGoldDream\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 7,16 Gb Available Physical Memory | 89,50% Memory free 16,05 Gb Paging File | 15,40 Gb Available in Paging File | 96,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 781,25 Gb Total Space | 266,68 Gb Free Space | 34,13% Space Free | Partition Type: NTFS Drive D: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: NEWGOLDDREAM-PC | User Name: NewGoldDream | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 40 B5 B2 99 C4 BA C9 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{022C61BC-9A4D-4B16-81B9-79CEAF6A113F}" = rport=139 | protocol=6 | dir=out | app=system | "{04C9A735-60A0-4E88-9928-9FCE884C3685}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{07623996-1D02-4AEA-B08D-D78F94D42E51}" = lport=139 | protocol=6 | dir=in | app=system | "{0CAE3BA7-560C-4F9D-9ABD-BE32948617B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{0E7F7950-0332-475D-BE35-C92F8D7AAAE9}" = lport=88 | protocol=17 | dir=in | name=box5 | "{1172787E-FAD9-4611-B7B8-5B6129BC3253}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A190E4F-5485-45DE-B785-9849BE0B8C18}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{1B08526F-22E6-4576-8093-6D54ED08557C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{1BC7A031-BED6-4775-9D8D-2C20F16A11B4}" = lport=445 | protocol=6 | dir=in | app=system | "{230500AD-6A3B-4099-9CC6-77176CC52211}" = lport=10244 | protocol=6 | dir=in | app=system | "{234E2B04-9E5C-4D59-8118-683AAA4F9AB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{267EC7A7-0AD9-452E-A0EF-F487B9C8303A}" = lport=2869 | protocol=6 | dir=in | app=system | "{2D7EAB4B-1BFE-48DF-A62A-88187FE195AB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{2E6BD6F0-0CF6-462D-8896-E01E430D425C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3B10EC11-C0C1-45A4-9D3C-3E8D2217914A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{3F5365DB-4B4B-4ED7-A5AC-18AB19E74D95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41FBF2B6-BF80-4499-877D-4DC4AA1DFBEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4391C042-3F8F-434F-8C83-E0A3B1BB6F31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{442EF652-7406-4C2C-823C-51F4DD0F046F}" = lport=3390 | protocol=6 | dir=in | app=system | "{44C6A79E-A1B8-49CC-BB9E-F5DD010B7A59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4891695D-BF1D-4A49-AA8E-3A2F02023FA1}" = rport=10243 | protocol=6 | dir=out | app=system | "{4E32151E-3293-41E6-A3B8-3FA5769F9C5F}" = lport=3074 | protocol=17 | dir=in | name=box4 | "{4EB74989-287C-4725-A709-3807A4B68D7F}" = lport=138 | protocol=17 | dir=in | app=system | "{506D8EBE-BCA9-4953-99BC-337C45BAB48E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{543EFA33-50F8-423D-91A3-0CCE1481854A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6958E907-F915-4FC2-83B5-FF7BE4941040}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{69B1ED26-658F-4827-96AA-267159F7D055}" = lport=53 | protocol=6 | dir=in | name=box2 | "{6AD2E120-9174-4934-92C8-4E58D4C31692}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{78B1DF76-1449-48EA-ACB8-29C07B7CF69A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81F772D5-3DF9-4CA7-BD46-1F0D400D181D}" = lport=3390 | protocol=6 | dir=in | app=system | "{870754CC-D125-421D-9508-686814A41A8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8712496C-DECB-499E-BA78-0955AAA52DB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8A476AB3-CFAE-4D61-9FCF-B9B56BEDD3A7}" = rport=137 | protocol=17 | dir=out | app=system | "{8B462ECB-B51C-4A29-B563-5CF6394C4C86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{8EF9FA4B-08E2-49D4-A258-30C1B5B8636E}" = lport=10243 | protocol=6 | dir=in | app=system | "{918C7526-4CB0-41B6-B30D-1C22DB57037B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{93A1E0F8-D4EA-4C16-87AC-022B1B17E63C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{96951C03-1A47-4D2F-829B-78E60F4D57D3}" = lport=10244 | protocol=6 | dir=in | app=system | "{A0BB5E30-86A6-4462-B7E2-5F0DC8295D49}" = rport=10244 | protocol=6 | dir=out | app=system | "{A0DC74ED-F308-46C4-8DC4-96C2440766B0}" = lport=53 | protocol=17 | dir=in | name=box6 | "{A2B30B27-4701-46A6-BB5C-157265304725}" = lport=3074 | protocol=6 | dir=in | name=box1 | "{A4B2AD3B-CBBB-4732-A337-0ABBEC19ADCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA1C07F7-167C-4F4D-92D2-CB2F2009F31B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AB6D6A61-DDF5-4E78-968C-0D8D75EB028E}" = lport=80 | protocol=6 | dir=in | name=box3 | "{B0BEA3AF-541B-4CD1-A605-88AA8DA114CC}" = rport=10244 | protocol=6 | dir=out | app=system | "{B1B9A990-D50C-4269-AA49-DCA67456C084}" = rport=445 | protocol=6 | dir=out | app=system | "{B78E3EAD-A140-47D7-BB17-147359E9E1FF}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | "{BF76EBDF-11A6-4CDE-B0F7-51D788E1D13E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{C6AC945B-CE0C-4FB9-AF89-8B40D92F3B95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C711A023-A7B8-4DFC-BF95-9D17FDDA3986}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{C8745D54-8A83-48DB-9375-0E6142B3F9E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CCD55F14-454F-4620-B7F1-94AED0946CC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF7AADCB-1A0A-4C9C-9CEF-01B609DE1EFB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{D2027A74-3C8F-4C86-9176-B955EBD564BF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{D2AC1A7D-57A4-4A90-A597-8D21914D8C1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4735D8E-D8AF-48F7-96DD-4C3B706C8AA9}" = rport=138 | protocol=17 | dir=out | app=system | "{D802F146-9A0A-4D96-8527-749CC40F6F3C}" = lport=137 | protocol=17 | dir=in | app=system | "{D85079B4-11DD-4617-A8A7-5C3FA97B55B6}" = lport=2869 | protocol=6 | dir=in | app=system | "{E028E864-8D61-42F5-8A48-EACC3F1A542F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E30B62DF-98CA-43C9-B060-287840FD6070}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EA58DF94-213D-4E3E-974E-527D442B9439}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{FE61F566-A13C-4769-A7E9-ADE7EC3A7609}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{010045D3-8C52-459B-B244-E7F004FED6C5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{043BD740-F293-449B-915D-07E9629F34D0}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{091CFFA3-1071-4602-8160-2B2745D945AA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{09545845-C6CF-4470-8355-E49E6D2C592C}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{12674530-8595-4790-B284-CFE8514F17E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{141C0689-AFDD-4EDF-81A4-A86346525B89}" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jdownloaderd3d.exe | "{1C2789BD-E27A-4D16-9F1D-29AF6E112A94}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{1DB6F067-D429-434A-A718-AC2E6A08969F}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{23578936-E85B-4AB6-856F-B558F4C63609}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{259BC022-63EA-41B5-85EC-EEFA7E956A72}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2704FA51-7BEF-4DAD-AECC-015B3DFA24F2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{29CEFF54-D948-413D-9F9D-C88AFC7D1F42}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{2FC2DEBF-31FE-4926-B5F0-DC137EBB60A9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2FF380C5-621C-4202-B995-506F5130B46D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{306C9C4D-BD7F-41C7-89B6-656F9691B36E}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "{346BD889-4217-49FC-8A21-73E6059637CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3C9EACB3-312E-4F6C-8103-8D135E09EC5A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{459FB79D-4F29-4C63-BA33-60A3432F7BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{45B7364B-C5B6-4D1F-A74D-C37835430BB2}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "{45E550CF-3EE8-4075-AA1A-A604BABCD184}" = protocol=6 | dir=in | app=c:\program files (x86)\xp codec pack\filters\ac3config.exe | "{4B05D133-2B66-4625-AFF7-FA9F0303A81A}" = protocol=6 | dir=out | app=system | "{4C1AD7BB-EF3F-42C3-B46F-F326C0023FD0}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{4E5AC41B-AC14-4135-B0CD-7DCE22409D7E}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{50A115C5-7320-48DC-A41D-BD5FF4485C17}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{515D2D8C-B75C-4105-9A72-A7A7419702B2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{5932BEBE-6A55-4D93-9106-627DF3BC2198}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "{5B836BF6-D08B-40DD-BDCD-0C0BCDE7DDD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5D960E9E-8AEB-4E95-8DA2-DFF49F17F3D5}" = protocol=6 | dir=in | app=c:\program files\teamspeak 3 client\ts3client_win64.exe | "{66F11AAC-4A30-4985-9DE3-BE1682DE1E46}" = protocol=17 | dir=in | app=c:\program files (x86)\xp codec pack\filters\ac3config.exe | "{670BBC2A-CACD-4D49-A9FE-6C884CE682B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6877C588-22A2-45B4-9FFF-02938F95E1F1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{6A50ADF5-F89F-4901-8B41-6EC083F021D6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{6A9A5948-3550-4F0B-A621-D711CE67DC45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E6D6B46-49D7-4523-9782-FF0501EB5241}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{70C2640A-A9A1-4D3E-BF5D-47E9EF0562F9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{72D4600C-F3C8-4CD4-9E02-C198E5371ED9}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{73D16EF3-58E1-438A-BB09-F6EB0F579A71}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{74F9DA40-0ADC-475B-8154-6D95D2232021}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7B7C85D5-C6DB-47AE-8340-6F3075F23920}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{81FD57F6-111C-47A0-9842-DB23CA651F80}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{84D9DBEB-9FFA-4687-976C-6173DC75CA26}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{87BD3982-17B9-4566-81B2-EF73767A421C}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "{88410002-BE6A-4951-82DE-12F65F61C58E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{8A0AB629-B60E-43F6-AFAC-006A9500B41A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8EAA176D-98D3-450F-BC5D-039FFA677EFD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{95EB8237-C670-440A-ADD4-D72E71E2B8CA}" = protocol=6 | dir=out | app=system | "{971CF607-A378-41D3-8C79-E8E54B1BC4B5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{978EFF02-F264-4E44-A7D8-64E1AF022A30}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{99C6891B-E4F7-4BBD-B547-184B867FA039}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe | "{9BA25E61-15E8-40BD-9675-14E4607DB1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe | "{9F43019F-9C23-4268-8BE2-71D6A5CFB14F}" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jdownloaderd3d.exe | "{A427B354-C74D-4488-8A1D-9695383E6D24}" = protocol=17 | dir=in | app=c:\program files\teamspeak 3 client\ts3client_win64.exe | "{A61A5273-21C2-4CBC-8013-8DDB3DBED060}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "{B4367F8F-D5F0-4D6C-A54A-9273548B693E}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe | "{BA169822-452F-41AD-B41E-B90E98F61504}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BB4D5FD2-04F6-4E46-84F6-E2E25F742E6B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{C0A5AFAC-736C-4C6A-B451-6F6B9F520791}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{C33A139C-F718-4E80-9544-B6E2CB76F1F6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{C4BDD1F2-B02F-484B-BD82-3C1FC1263AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe | "{C7EC6A9E-CA88-46CE-844F-567E54E692AC}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{C8A2407C-4134-4C94-A90B-8E90238B9790}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CBC60020-7B53-4DB6-8A20-1CC3CEA9C0F2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{D8DB2731-EFBE-4CCC-B436-9FE01D421694}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E2E354DD-A436-46A7-82EF-183A5D5374B1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{EAF533BA-ABBE-4D85-80DE-75FA5B96D0C2}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{FC9ECE39-EB33-4757-8BAD-7EDCC7635E13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FCDB0879-3268-4972-B318-01EFE0B4A480}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "{FE6AB42B-CE2A-4ADF-87BE-C832F1CF0B51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FFE3B2EE-3742-4472-AFC6-D4C92EDA09D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{356A322D-DCA7-4038-8CE2-2CAEF641D285}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{3CC876F7-1BA4-4090-B8C7-4DD212D98C04}C:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe | "TCP Query User{86A841A6-6C21-430B-BA51-F2050D89B5E1}C:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe | "TCP Query User{A40768BB-C0A9-409C-8614-B60CD120B582}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "TCP Query User{D727C075-C225-4D34-A59A-E71989FAAF75}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{EB902C8A-920E-465D-AD22-93DC50D5C687}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{0AB4E3D7-64FF-4688-8826-FC1F7B59942F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{434C05D0-BD76-45F3-A16F-B86ED8D31CF3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{565B7949-9B78-4CC8-8283-B85B35E52DF7}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "UDP Query User{6B633E91-A577-4472-8FDC-28922E76FDD0}C:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\newgolddream\appdata\local\temp\76b8c1d0733a4c65b6ea88edc2b54ebf\relicdownloader.exe | "UDP Query User{B3BE4E29-525C-421E-A43B-621255CCF6E2}C:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\newgolddream\appdata\local\temp\4a02d7123d44455e80e0d90ccd00810c\relicdownloader.exe | "UDP Query User{FD860A1D-BD95-4F1E-97D4-20C903E03393}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.5 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007 "{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_SharePointDesigner_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CD068533-1A20-47F6-B1A2-196725B1320F}" = LibreOffice 3.3 "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "1489-3350-5074-6281" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Blitzkrieg" = Blitzkrieg Mod "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "Company of Heroes" = Company of Heroes "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "FileZilla Client" = FileZilla Client 3.2.7.1 "Google Chrome" = Google Chrome "Inkscape" = Inkscape 0.42 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "SharePointDesigner" = Microsoft Office SharePoint Designer 2007 "VLC media player" = VLC media player 1.1.11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced PDF Password Recovery" = Advanced PDF Password Recovery ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
06.04.2012, 16:23 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows System gefährdet - 50 Euro bezahlenCode:
ATTFilter O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
__________________ |
06.04.2012, 18:01 | #3 |
| Windows System gefährdet - 50 Euro bezahlen Danke für die konstruktive Antwort - hab das progi aber schon deutlich länger als den Virus. Und by the way auch ein gekauftes CSS4.
__________________ |
06.04.2012, 18:05 | #4 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows System gefährdet - 50 Euro bezahlenZitat:
Zitat:
Nur weil du eine CS4 Lizenz hast kannst du nicht ein raubkopiertes CS5 installieren und das als legal deklarieren Gecrackte Programme sind und bleiben illegal und v.a. haben dieses ein großes Schadenspotential! Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows System gefährdet - 50 Euro bezahlen |
50 euro trojaner, antivir, application/pdf, application/pdf:, avira, bho, bildschirm, bonjour, entfernen, error, euro, excel, firefox, flash player, google earth, home, install.exe, jdownloader, kaspersky, langs, logfile, microsoft office word, monitor.exe, plug-in, policyagent, prima, realtek, registry cleaner, scan, searchscopes, security, security update, senden, software, super, svchost.exe, system, teamspeak, tracker, version=1.0, virus, vista, visual studio, windows, windows gefährdet |