Log analysis and evaluation: GVU Trojan - OTL Log (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
GVU Trojan - OTL Log

Hi everyone, today the GVU Trojan (with webcam window) got me. It blocks the screen whenever there is a network connection; without a network connection the PC runs. I had already googled a bit and read there that the PC can be made usable again with an OTL fix. However, I have no idea about log file analysis. I hope you can help me.

Regards, Marcel

OTL.Txt

Code:
OTL logfile created on: 22.06.2012 23:35:33 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,36% Memory free
7,96 Gb Paging File | 6,44 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,93 Gb Total Space | 4,89 Gb Free Space | 6,44% Space Free | Partition Type: NTFS
Drive D: | 115,18 Gb Total Space | 3,55 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
Drive E: | 117,70 Gb Total Space | 8,01 Gb Free Space | 6,81% Space Free | Partition Type: NTFS
Drive F: | 177,11 Gb Total Space | 8,55 Gb Free Space | 4,83% Space Free | Partition Type: NTFS
Drive G: | 45,04 Gb Total Space | 5,48 Gb Free Space | 12,17% Space Free | Partition Type: NTFS
Drive H: | 698,63 Gb Total Space | 17,17 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
Drive J: | 7,46 Gb Total Space | 7,18 Gb Free Space | 96,26% Space Free | Partition Type: FAT32
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.22 23:13:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.)
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.03.03 11:37:56 | 002,146,304 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe PRC - [2012.03.03 11:35:18 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe PRC - [2011.09.05 19:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.06.22 15:33:47 | 000,238,568 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\jork_0_typ_col.exe MOD - [2012.03.03 11:37:56 | 002,146,304 | ---- | M] () -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe MOD - [2011.09.05 19:05:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.18 16:52:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) 
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [Disabled | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2012.03.03 11:35:18 | 000,409,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher) SRV - [2012.02.26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server) SRV - [2011.12.09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011.08.11 19:44:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.06.29 17:25:12 | 003,246,920 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.09.17 11:54:04 | 000,153,600 | ---- | M] (Firebird Project) [On_Demand | Stopped] -- C:\Programme\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2010.09.17 11:53:56 | 005,624,320 | ---- | M] (Firebird Project) [On_Demand | Stopped] -- C:\Programme\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 
000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011.12.15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.08.11 12:14:00 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.08.11 01:27:37 | 000,031,808 | ---- | M] (FNet 
Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2011.08.11 01:27:34 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 12:03:24 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) 
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.12.03 06:00:00 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.09.25 17:39:12 | 000,270,272 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ext2fs.sys -- (Ext2fs) DRV:64bit: - [2008.08.28 22:49:20 | 000,080,320 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ifsmount.sys -- (IfsMount) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2011.11.20 03:29:52 | 000,202,592 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv) DRV - [2011.06.02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [1999.10.21 12:12:52 | 000,020,400 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\entech.sys -- (ENTECH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 33 EB 4A 9B 7F CC 01 [binary data] IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\..\SearchScopes\{A43319C2-2748-4727-8922-B788DA63D3CA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=bc460a0a-5860-405b-8c50-69b5a8329ee5&apn_sauid=2AC37821-395A-48A9-9BA3-9B96DEF7BF18 IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
london.tuvpn.com:8080 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..network.proxy.backup.ftp: "london1.tuvpn.com" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "london1.tuvpn.com" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "london1.tuvpn.com" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "london.tuvpn.com" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "london.tuvpn.com" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost,,,," FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "london.tuvpn.com" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "london.tuvpn.com" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.22 00:20:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 16:52:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.18 17:35:21 | 000,000,000 | ---D | M] [2012.04.11 03:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.05.05 14:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\p7e30kt8.default\extensions [2012.02.12 18:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.08 19:02:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.10 16:43:31 | 000,623,219 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P7E30KT8.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI [2012.06.18 16:52:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.26 19:18:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.26 19:18:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.26 19:18:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\eBay-de.xml [2012.03.26 19:18:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.26 19:18:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.26 19:18:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2012.05.18 20:05:06 | 000,003,334 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: 209-34-83-73.ood.opsource.net O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: O1 - Hosts: 3dns-1.adobe.com O1 - Hosts: 3dns-2.adobe.com O1 - Hosts: 3dns-3.adobe.com O1 - Hosts: 3dns-4.adobe.com O1 - Hosts: 3dns.adobe.com O1 - Hosts: CRL.VERISIGN.NET O1 - Hosts: 40 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000..\Run: [] File not found O4 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000..\Run: [Dyyno Launcher] C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe () O4 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000..\Run: [TpScrex] C:\ProgramData\TpScrex\TpScrex.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 
'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3669CCAB-AFA7-45A2-B59E-F4752F2CD8B1}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C83ABE33-60B0-4D26-A122-4AF48504087E}: DhcpNameServer =
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{be6e6740-c402-11e0-92b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{be6e6740-c402-11e0-92b0-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.22 23:22:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.06.21 16:08:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackBox Simulation
[2012.06.21 16:01:54 | 193,738,038 | ---- | C] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup_3.exe
[2012.06.19 03:18:07 | 193,732,166 | ---- | C] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup_2.exe
[2012.06.18 16:54:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\BBS_A320_Review
[2012.06.18 16:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.06.18 16:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.06.18 16:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.18 16:50:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.18 16:46:53 | 000,000,000 | ---D | C] -- C:\AMD
[2012.06.18 14:48:09 | 193,416,478 | ---- | C] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup_1.exe
[2012.06.18 14:10:21 | 189,935,267 | ---- | C] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup.exe
[2012.06.17 14:38:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\!!!VDK-Dokument_Christine
[2012.06.11 19:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.06.11 19:50:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ManyCam
[2012.06.11 19:50:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ManyCam
[2012.06.11 19:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.06.11 19:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.06.11 19:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.06.11 19:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.06.11 19:49:13 | 012,276,952 | ---- | C] (ManyCam LLC) -- C:\Users\Admin\Documents\ManyCamSetup.exe
[2012.06.11 19:26:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Macromedia
[2012.06.06 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Loyc
[2012.06.06 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Fiewaz
[2012.06.06 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Eswo
[2012.06.05 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Efox
[2012.06.05 13:21:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Yddo
[2012.06.05 13:21:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Inud
[2012.06.05 02:27:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\teamspeak2
[2012.06.05 02:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak2_RC2
[2012.06.05 02:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamspeak2 RC2
[2012.06.05 02:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.06.05 02:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.06.05 02:26:32 | 032,112,904 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Admin\Documents\TeamSpeak3-Client-win64-3.0.6.exe
[2012.06.03 18:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\NSV
[2012.05.30 22:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2012.05.30 22:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2012.05.30 22:59:38 | 004,561,297 | ---- | C] (Alexander Vigovsky ) -- C:\Users\Admin\Documents\ac3filter_2_2a.exe
[2012.05.30 22:57:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Player Classic
[2012.05.30 22:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
[2012.05.30 22:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012.05.30 22:55:36 | 006,401,754 | ---- | C] (MPC-HC Team ) -- C:\Users\Admin\Documents\MPC-HC.
[2012.05.30 22:55:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\TSVNCache
[2012.05.30 17:45:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TortoiseSVN
[2012.05.30 17:33:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Subversion
[2012.05.30 17:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012.05.30 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2012.05.30 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.05.30 17:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
[2012.05.29 22:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beamer Sound to Light
[2012.05.29 22:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beamer Sound to Light
[2012.05.29 22:55:45 | 005,268,980 | ---- | C] (Daniel Förstmann ) -- C:\Users\Admin\Documents\BeamerSoundToLight.exe
[2012.05.27 17:02:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.06.22 23:24:02 | 001,628,628 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.22 23:24:02 | 000,702,480 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.22 23:24:02 | 000,657,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.22 23:24:02 | 000,150,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.22 23:24:02 | 000,122,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.22 23:13:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.06.22 22:56:26 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 22:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 19:23:42 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 19:23:42 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 19:19:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 19:18:43 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.06.22 19:18:11 | 3205,853,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 19:18:09 | 000,118,668 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.22 19:16:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.22 15:33:47 | 000,001,893 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.21 16:07:52 | 193,738,038 | ---- | M] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup_3.exe
[2012.06.19 03:42:40 | 005,068,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.19 03:23:56 | 193,732,166 | ---- | M] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup_2.exe
[2012.06.18 18:47:34 | 002,354,176 | ---- | M] () -- C:\Users\Admin\Documents\msxml.msi
[2012.06.18 14:54:03 | 193,416,478 | ---- | M] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup_1.exe
[2012.06.18 14:16:07 | 189,935,267 | ---- | M] (BlackBox Simulation) -- C:\Users\Admin\Documents\Airbus Xtreme Prologue Setup.exe
[2012.06.12 14:57:45 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012.06.11 19:50:37 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.11 19:49:33 | 012,276,952 | ---- | M] (ManyCam LLC) -- C:\Users\Admin\Documents\ManyCamSetup.exe
[2012.06.11 12:01:12 | 000,021,262 | R--- | M] () -- C:\Users\Admin\Documents\PB_Überweisung_KtoXXXXXXXXXXXXX_11-06-2012_1156.pdf
[2012.06.05 02:27:44 | 000,000,978 | ---- | M] () -- C:\Users\Admin\Desktop\Teamspeak 2 RC2.lnk
[2012.06.05 02:27:29 | 005,862,994 | ---- | M] () -- C:\Users\Admin\Documents\ts2_client_rc2_2032.exe
[2012.06.05 02:26:54 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.06.05 02:26:39 | 032,112,904 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Admin\Documents\TeamSpeak3-Client-win64-3.0.6.exe
[2012.05.30 22:59:39 | 004,561,297 | ---- | M] (Alexander Vigovsky ) -- C:\Users\Admin\Documents\ac3filter_2_2a.exe
[2012.05.30 22:56:11 | 000,001,712 | ---- | M] () -- C:\Users\Admin\Desktop\MPC-HC x64.lnk
[2012.05.30 22:55:50 | 006,401,754 | ---- | M] (MPC-HC Team ) -- C:\Users\Admin\Documents\MPC-HC.
[2012.05.30 17:32:36 | 021,340,160 | ---- | M] () -- C:\Users\Admin\Documents\TortoiseSVN-
[2012.05.30 12:58:45 | 000,162,118 | ---- | M] () -- C:\Users\Admin\Documents\displaytif.tiff
[2012.05.29 22:56:18 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Beamer Sound to Light.lnk
[2012.05.29 22:55:47 | 005,268,980 | ---- | M] (Daniel Förstmann ) -- C:\Users\Admin\Documents\BeamerSoundToLight.exe
[2012.05.29 19:09:46 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB
[2012.05.29 12:34:29 | 000,092,757 | ---- | M] () -- C:\Users\Admin\Documents\Geschäftsbriefvorlage m.Kopf.pdf
[2012.05.27 12:02:14 | 000,000,943 | ---- | M] () -- C:\Users\Admin\Documents\hans_zimmer.m3u
[2012.05.26 12:36:46 | 000,204,800 | ---- | M] () -- C:\Windows\SysNative\unrar64.dll
[2012.05.24 21:36:21 | 000,093,482 | ---- | M] () -- C:\Users\Admin\Documents\DSCF1695 Kopie.jpg
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.22 15:33:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\loc_pyt_0_kroj.pad
[2012.06.22 15:33:47 | 000,001,893 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.18 18:47:29 | 002,354,176 | ---- | C] () -- C:\Users\Admin\Documents\msxml.msi
[2012.06.11 19:50:37 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.11 12:02:07 | 000,021,262 | R--- | C] () -- C:\Users\Admin\Documents\PB_Überweisung_KtoNr0487060701_11-06-2012_1156.pdf
[2012.06.05 02:27:44 | 000,000,978 | ---- | C] () -- C:\Users\Admin\Desktop\Teamspeak 2 RC2.lnk
[2012.06.05 02:27:28 | 005,862,994 | ---- | C] () -- C:\Users\Admin\Documents\ts2_client_rc2_2032.exe
[2012.06.05 02:26:54 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.05.30 22:59:50 | 001,350,656 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2012.05.30 22:59:50 | 001,103,872 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2012.05.30 22:56:11 | 000,001,712 | ---- | C] () -- C:\Users\Admin\Desktop\MPC-HC x64.lnk
[2012.05.30 22:56:10 | 000,204,800 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2012.05.30 17:31:32 | 021,340,160 | ---- | C] () -- C:\Users\Admin\Documents\TortoiseSVN-
[2012.05.30 12:51:51 | 000,162,118 | ---- | C] () -- C:\Users\Admin\Documents\displaytif.tiff
[2012.05.29 22:56:18 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Beamer Sound to Light.lnk
[2012.05.29 12:34:28 | 000,092,757 | ---- | C] () -- C:\Users\Admin\Documents\Geschäftsbriefvorlage m.Kopf.pdf
[2012.05.24 21:36:18 | 000,093,482 | ---- | C] () -- C:\Users\Admin\Documents\DSCF1695 Kopie.jpg
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.26 20:08:43 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2012.02.15 20:08:27 | 000,001,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.06 17:31:46 | 000,063,488 | ---- | C] () -- C:\Windows\SysWow64\Eztw32.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.19 20:29:35 | 000,000,180 | ---- | C] () -- C:\Users\Admin\.packettracer
[2011.10.13 20:26:34 | 000,067,584 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\chrtmp
[2011.09.24 13:37:05 | 000,052,265 | ---- | C] () -- C:\Windows\MaxwellMaxPluginUninstall.exe
[2011.09.24 13:29:28 | 000,056,702 | ---- | C] () -- C:\Windows\RFMaxPluginUninstall.exe
[2011.09.23 17:43:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.11 15:41:27 | 000,000,119 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011.08.11 14:45:45 | 001,596,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.11 01:37:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.11 01:30:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========
[2012.04.16 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2011.09.24 13:28:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Autodesk
[2012.04.29 19:56:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BosMon
[2012.02.17 21:00:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Celemony Software GmbH
[2011.10.17 04:06:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.20 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.adobe.bridge.PublishPanel
[2011.08.11 16:57:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.04.03 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dyyno
[2012.06.05 13:21:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Efox
[2012.03.20 20:13:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2012.06.06 09:28:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Eswo
[2012.06.06 09:28:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fiewaz
[2012.03.29 19:56:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2012.03.09 20:41:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gelbe Liste Pharmindex
[2011.11.05 16:25:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER
[2012.04.19 12:50:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gomez
[2011.08.11 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hex-Rays
[2011.08.11 15:12:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HiFi
[2012.06.07 09:06:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Inud
[2012.06.06 09:28:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Loyc
[2011.08.11 20:12:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mael
[2012.06.11 19:50:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ManyCam
[2011.08.11 02:16:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAXON
[2011.10.18 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2011.10.18 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia Ovi Suite
[2011.08.14 18:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.09.23 17:43:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PACE Anti-Piracy
[2011.10.18 17:40:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2011.09.23 17:45:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.17 15:53:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Steinberg
[2012.05.30 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Subversion
[2011.10.01 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SuperHideIP
[2012.02.05 02:00:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2012.06.22 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2012.06.06 09:13:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Yddo
[2012.06.22 19:18:43 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.05.30 00:50:18 | 000,028,098 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 1267 bytes -> C:\ProgramData\Microsoft:746aD1zzIm2KUZdiiXB5ieef
@Alternate Data Stream - 1254 bytes -> C:\ProgramData\Microsoft:Tcs818LWDkxH1qhx33qJ

< End of report >

Code:
OTL Extras logfile created on: 22.06.2012 23:35:33 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,36% Memory free
7,96 Gb Paging File | 6,44 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,93 Gb Total Space | 4,89 Gb Free Space | 6,44% Space Free | Partition Type: NTFS
Drive D: | 115,18 Gb Total Space | 3,55 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
Drive E: | 117,70 Gb Total Space | 8,01 Gb Free Space | 6,81% Space Free | Partition Type: NTFS
Drive F: | 177,11 Gb Total Space | 8,55 Gb Free Space | 4,83% Space Free | Partition Type: NTFS
Drive G: | 45,04 Gb Total Space | 5,48 Gb Free Space | 12,17% Space Free | Partition Type: NTFS
Drive H: | 698,63 Gb Total Space | 17,17 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
Drive J: | 7,46 Gb Total Space | 7,18 Gb Free Space | 96,26% Space Free | Partition Type: FAT32
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerEmail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerEmail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014DF382-6B30-4B13-9348-AEFFBD3ED21E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{18CD0F5D-3871-4EED-8906-FB0AE0B55603}" = lport=137 | protocol=17 | dir=in | app=system |
"{291078ED-A85D-45BD-9132-14A4520D7687}" = rport=138 | protocol=17 | dir=out | app=system |
"{328595E8-F587-4FF6-9ACE-1EEAD18F0B51}" = rport=139 | protocol=6 | dir=out | app=system |
"{4199CE8B-034C-4FD8-BA64-4E8863A02498}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{54BC5FEC-6834-4446-8186-A07B5E856287}" = lport=445 | protocol=6 | dir=in | app=system |
"{555FEDE9-4903-4A73-B4DB-08291573C1A7}" = lport=138 | protocol=17 | dir=in | app=system |
"{9316C5BA-1175-47E2-B934-411798416147}" = lport=139 | protocol=6 | dir=in | app=system |
"{9A12235A-023A-4E3A-A8CE-430755A44396}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A1DD87C-0D1C-4049-992A-D717E63CF6FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A00B1775-3FA9-4340-BD90-755E40711732}" = rport=137 | protocol=17 | dir=out | app=system |
"{F1ADBAE6-F25C-4264-B4B8-25BF8DB16A1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F446F276-D60C-450E-9D6C-57E0A0264B6F}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9A57CEF-5A49-4258-9A69-55D49E73396C}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EB47B-BE0A-477C-924C-44B72DEFC00E}" = protocol=17 | dir=in | app=c:\program files (x86)\ida\idag.exe |
"{091B8FEC-4C50-41E4-9F5B-4437DE04C9A2}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{0AC3D684-A6FD-4765-8F36-D7E4E54D7BCD}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{0FB2FC7F-2367-4876-BE03-64FEB329D976}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{131948C7-E0E7-46A1-BADE-7D4D2386E765}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{15C97548-0346-4DBE-BB8E-A5BEAEFF5C15}" = protocol=17 | dir=in | app=c:\program files (x86)\ida\idag64.exe |
"{1949D453-B26C-40C7-9A79-09EAE241050F}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{21A353C6-05F2-445F-9D79-924EE7F12B85}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{27EBC09D-8ABA-4087-91AB-BDB8AAC439F6}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{2A13CA2C-78A1-4463-BCA6-1B14F1DD0568}" = protocol=6 | dir=in | app=c:\program files (x86)\ida\idag.exe |
"{3495E2DE-672C-4BA0-9CDB-8196675F977F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{4366582E-7C37-4C26-B777-C47D6EF9A09B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{44FB14D9-34E7-4277-BC16-1D82A1C8D318}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4592F75E-C6BB-42E3-976C-2184F50B2E5F}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{4FC51743-D4DF-4B7A-80B6-6109D697A903}" = protocol=6 | dir=in | app=c:\program files (x86)\ida\idag64.exe |
"{5B30FED3-BD94-4512-85A0-AAA9D82226D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5F4928DB-A143-411F-AD27-8DDCD769494C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6A600AED-6A41-4EE0-AFE0-07737AAE0617}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
"{6CEB4250-4AE9-475A-9AC9-F20AB6A32D57}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
"{6D016C0F-7D23-483B-9435-6D83FC8A105B}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{6EC4B495-9245-4995-B2E8-ACB260F7EFAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73D25FF9-8147-4098-9024-151968FF1CD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{772F4CC8-C2CB-440F-A7B1-EE2EB81AF899}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{7A01A61F-3A70-4ADD-86A6-156CA11FDDB4}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{82D4BA6F-F1EA-401D-9E71-2F69D29C6916}" = protocol=6 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dppm_source.exe |
"{98146E99-9D70-4D84-BBDD-378D48ED60B0}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{9F82B616-EC20-420F-8B00-CB1E80ACAF12}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{B0344D6B-5FDD-43F6-BEA0-07F1B5B2F902}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B5544F65-23AF-4828-8FD7-87CDB0766E8B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B87C5E51-7C2D-422B-8D25-847D3FFFC5A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA5AB2B5-D5B9-42BE-8CA9-1F02C6B3A0D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C11BC49E-1E5F-4656-9570-7FEC03F89917}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{C6B52BA6-CA70-4AE5-AD6F-401D485B4E4C}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{DD796D74-E1B7-4EBA-8243-A80D4F8E8321}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{DFB7D451-F691-4632-954B-95BB500C463F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E8D5903A-C7E5-4E31-A550-FDDD776549CD}" = protocol=17 | dir=in | app=c:\program files (x86)\dyyno\dyyno broadcaster\dgcsrv.exe |
"TCP Query User{CA7A45F5-2BDB-48F2-ADA0-3AFBE7C87D4C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{2DBE146A-AD6A-48AE-96EE-78560EF3D4A6}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{079419C3-9DFC-4571-BAFC-CD79854C684E}" = Native Instruments West Africa
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{09BB8307-BD8F-4E92-9918-A4BAFD0638B3}" = Native Instruments VC 2A
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1244CC88-97DF-4694-A720-6F073845DEE2}" = Native Instruments Kontakt Factory Library
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs
"{1745A39F-7F25-4ADA-8ADA-FD84A6301696}" = Native Instruments VC 76
"{1AE269AE-561D-4889-8A13-C1254ACBD025}" = Native Instruments Abbey Road 80s Drums
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{28327E39-F691-44D4-BDE5-9B5B251ADD63}" = Native Instruments Komplete 8 Ultimate
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated
Video Transcoding "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{434CC4CB-0183-4CDE-BE7F-00230BE26494}" = Native Instruments The Mouth "{4371D69B-FB6A-4A61-8477-C1B919FB2311}" = TortoiseSVN (64 bit) "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4b98677f-ef75-4f71-8ef3-5603e3b0cbf7}" = Native Instruments Scarbee Vintage Keys "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon "{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5 "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism "{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2 "{5D1224E0-6777-4536-9D72-B0E151ED8C99}" = Native Instruments Battery Library Importer for Maschine "{5FC09265-8AAD-410D-B88D-EBAA41327056}" = Native Instruments Scarbee Funk Guitarist "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{67e13682-a5ba-4f12-ac10-4b41eacb82da}" = Native Instruments Alicias Keys "{6969a180-13e1-4393-8265-98d11903375c}" = Native Instruments Evolve Mutations 2 "{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6F29F195-B11C-3EAD-B883-997BB29DFA17}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{7608CF6F-EB13-4E89-A4F0-8732FB6EAF98}" 
= Maxwell Shell Extension (x64) "{7D088FD6-67B8-4186-947C-5FB4CC7227B5}" = O&O Defrag Professional "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{835e9421-5f20-4491-9a75-baa7af1ea14d}" = Native Instruments Vienna Concert Grand "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{88E45461-E8D2-4BCA-BDEC-0405E6FB4817}" = Native Instruments Transient Master "{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIO_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIO_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIO_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.VISIO_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.VISIO_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIO_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.VISIO_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI 
(German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIO_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010 "{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.VISIO_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{906E3E41-5259-4C3B-A5EB-3B7F63AFEDB5}" = Native Instruments VC 160 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand "{9c1b2ca5-bf9c-4b3e-b5ac-49a9133896a3}" = Native Instruments Scarbee Jay-Bass "{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee 
MM-Bass "{AA2F4574-FD46-4897-8791-CD6CCD80E882}" = Native Instruments Evolve Mutations "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding "{b0c719eb-4c55-4b54-b37a-38b6fcd7116c}" = Native Instruments Scarbee MM-Bass Amped "{b125d937-9582-450d-951e-7b53bd94d16d}" = Native Instruments Balinese Gamelan "{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8 "{C40C08A5-A7AF-43B2-BF93-7CF67719D194}" = Native Instruments Scarbee Pre-Bass "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12 "{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire "{D69D39FC-DCC0-43F4-9524-043EE9F1C329}" = Native Instruments Abbey Road Modern Drums "{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DDDE5B61-19BD-4F64-B14C-5F81DB56DF3E}" = Native Instruments George Duke Soul Treasures "{E1B6008F-26D8-47BF-B585-6518AFE73557}" = Native Instruments Scarbee Pre-Bass Amped "{e90698e9-2c52-4079-aa1d-b341f0f5b036}" = Native Instruments Abbey Road 70s Drums "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{f62a8337-2009-40b7-af47-0a2a1371645c}" = Native Instruments Maschine Drum Selection "{FCD398EC-9A6C-478D-82AC-96AE6FEF585D}" = Native Instruments Session Strings Pro "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CyberGhost VPN_is1" = CyberGhost VPN "EPSON Printer and Utilities" = EPSON-Drucker-Software "Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008 "FBDBServer_2_5_x64_is1" = Firebird (x64) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia 
pccsmcfd (08/22/2008 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.VISIO" = Microsoft Visio Premium 2010 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Total Uninstall 6_is1" = Total Uninstall 6.0.0 "V-Ray for 3dsmax 2012 for x64" = V-Ray for 3dsmax 2012 for x64 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2 "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX 
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30 "{26B7F336-1369-49D6-8E4C-DC2C7BD65647}" = aerosoft's - German Airports 2-Leipzig X "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{2E337869-756A-4E46-A936-0E67FE043A5E}" = Melodyne 3.2 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{31AECBEB-BE18-4342-B8AA-DD18F2BAC5B5}" = aerosoft's - German Airports 2-Cologne-Bonn X "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0 "{3DAD565E-1275-4EE8-9568-932CB7B75FB8}" = aerosoft's - German Airports 3 - Berlin-Tegel X "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41583634-4D73-4826-8983-3A2CDA08A7CC}" = aerosoft's - German Airports 3 - Paderborn-Lippstadt X "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86) "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech 
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5E09FA7C-4B4A-46FB-A554-B7A88E8D7B62}" = Melodyne 3.2 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F99B229-CE71-4A8A-8359-0517191A8A89}" = aerosoft's - USCitiesX - Indianapolis "{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{91EE186F-D7A8-4B89-BF15-9C7427CAB47B}_is1" = Beamer Sound to Light 0.62 "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help 
Finnish "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{93878DDD-E621-4AFF-8203-2658451A3636}" = EuroScope 3.1d "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.2 "{A298A7A7-3BD2-42EE-B48C-12C97A9BBF08}" = aerosoft's - German Airports 2 - Dortmund X "{A70B1A8B-24B4-4204-9E46-D14CBC49093E}" = Vicon boujou 5.0 "{A80712C1-A6E6-423E-A3E2-5C75408EF149}" = aerosoft's - German Airports 2-Muenster-Osnabrueck X "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AD6C554F-5050-40B1-B84D-51D74A09C7E4}" = Aerosoft's - Mega Airport Budapest "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B837579C-B73E-47ED-B722-B0076CDDFB2C}_is1" = BosMon 1.1.9 "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BAEE0C24-C8C2-4820-9DF4-887909F1A286}" = aerosoft's - Mega Airport Frankfurt X 
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C1F98ADD-81BF-45E1-A36B-515CA20B61AF}" = aerosoft's - German Airports 3 - Bremen X "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E6E332E8-9BFA-48CC-B03C-F181C1F06DC0}" = aerosoft's - Antalya X "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2 "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}" = aerosoft's - German Airports 3 - Hamburg X "{EBFC96E5-4409-426E-88B7-650ADB342E78}" = MSI to redistribute MS VS2005 CRT libraries "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel 
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FB56079B-7D0C-4D1D-864A-09BA159CC31B}" = Active Sky Evolution "{FCAC5DCE-DECB-4AA4-AA64-13827EA81B2A}" = aerosoft's - German Airports 3 - Luebeck X "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FED35768-B947-44EB-92CC-A17D24B8439A}" = CLOUD9 Orlando FSX 1.01 "1489-3350-5074-6281" = JDownloader 0.9 "6103-4188-8184-5707" = RapidShare Manager 2 "AC3Filter_is1" = AC3Filter 2.2a "Addictive Drums" = Addictive Drums "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3 "Airbus Series 2 - Evolution Full (FSX)" = Airbus Series 2 - Evolution Full (FSX) "AquaMark3" = AquaMark3 "ASIO4ALL" = ASIO4ALL "ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.54 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "BlackBox Simulation-Airbus Xtreme (Prologue)" = BlackBox Simulation - Airbus Xtreme (Prologue) "Bus-Simulator 2012_is1" = Bus-Simulator 2012 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "Cisco Packet Tracer 5.3_is1" = Cisco Packet Tracer 5.3 "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "DAEMON Tools Lite" = DAEMON Tools Lite "Drumaxx" = Drumaxx "Dyyno Broadcaster" = Dyyno Broadcaster "eMule" = eMule "EOS Utility" = Canon Utilities EOS Utility "EPSON Scanner" = EPSON Scan "EuroGrand Casino" = EuroGrand Casino "FileZilla Client" = 
FileZilla Client "FileZilla Server" = FileZilla Server "FL Studio 9" = FL Studio 9 "Fraps" = Fraps (remove only) "FSFDT FSCopilot" = FSFDT FSCopilot "FSFDT FSInn" = FSFDT FSInn "GomezPEER" = GomezPEER "Google Chrome" = Google Chrome "Hardcore" = Hardcore "HxD Hex Editor_is1" = HxD Hex Editor Version "Icecast2 Win32_is1" = Icecast 2.3.2 "IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1_is1" = IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1 "iFly Jets - The 737NG for FSX" = iFly Jets - The 737NG for FSX "IL Download Manager" = IL Download Manager "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "JAFSetup" = JAF Setup "Kalender-Excel-8.8_is1" = Kalender-Excel-8.8 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "ManyCam" = ManyCam 3.0.79 (remove only) "Maxwell 2" = Maxwell 2 "MaxwellMax" = Maxwell Plugin for 3D Studio Max "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums "Native Instruments Abbey Road 70s Drums" = Native Instruments Abbey Road 70s Drums "Native Instruments Abbey Road 80s Drums" = Native Instruments Abbey Road 80s Drums "Native Instruments Abbey Road Modern Drums" = Native Instruments Abbey Road Modern Drums "Native Instruments Absynth 5" = Native Instruments Absynth 5 "Native Instruments Alicias Keys" = Native Instruments Alicias Keys "Native Instruments Balinese Gamelan" = Native Instruments Balinese Gamelan "Native Instruments Battery 3" = Native Instruments Battery 3 "Native Instruments Battery Library Importer for Maschine" = Native Instruments Battery Library Importer for Maschine "Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand "Native Instruments Evolve Mutations" = Native Instruments Evolve Mutations "Native Instruments Evolve Mutations 2" = Native Instruments Evolve Mutations 
2 "Native Instruments FM8" = Native Instruments FM8 "Native Instruments George Duke Soul Treasures" = Native Instruments George Duke Soul Treasures "Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5 "Native Instruments Komplete 8 Ultimate" = Native Instruments Komplete 8 Ultimate "Native Instruments Kontakt 5" = Native Instruments Kontakt 5 "Native Instruments Kontakt Factory Library" = Native Instruments Kontakt Factory Library "Native Instruments Maschine Drum Selection" = Native Instruments Maschine Drum Selection "Native Instruments Massive" = Native Instruments Massive "Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand "Native Instruments Rammfire" = Native Instruments Rammfire "Native Instruments Razor" = Native Instruments Razor "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism "Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2 "Native Instruments Reflektor" = Native Instruments Reflektor "Native Instruments Scarbee Funk Guitarist" = Native Instruments Scarbee Funk Guitarist "Native Instruments Scarbee Jay-Bass" = Native Instruments Scarbee Jay-Bass "Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass "Native Instruments Scarbee MM-Bass Amped" = Native Instruments Scarbee MM-Bass Amped "Native Instruments Scarbee Pre-Bass" = Native Instruments Scarbee Pre-Bass "Native Instruments Scarbee Pre-Bass Amped" = Native Instruments Scarbee Pre-Bass Amped "Native Instruments Scarbee Vintage Keys" = Native Instruments Scarbee Vintage Keys "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Session Strings Pro" = Native Instruments Session Strings Pro "Native Instruments Studio Drummer" = Native Instruments Studio Drummer "Native Instruments The Finger R2" = Native Instruments The Finger R2 "Native Instruments The Mouth" = Native Instruments The Mouth 
"Native Instruments Traktors 12" = Native Instruments Traktors 12 "Native Instruments Transient Master" = Native Instruments Transient Master "Native Instruments Upright Piano" = Native Instruments Upright Piano "Native Instruments VC 160" = Native Instruments VC 160 "Native Instruments VC 2A" = Native Instruments VC 2A "Native Instruments VC 76" = Native Instruments VC 76 "Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand "Native Instruments Vintage Organs" = Native Instruments Vintage Organs "Native Instruments West Africa" = Native Instruments West Africa "Nokia Ovi Suite" = Nokia Ovi Suite "OpenAL" = OpenAL "POC32" = POC32 (remove only) "PoiZone" = PoiZone "RealFlow 2012" = RealFlow 2012 "RealFlowMax" = RealFlow Plugin for 3D Studio Max "Revo Uninstaller" = Revo Uninstaller 1.93 "Sakura" = Sakura "SAM3" = SAM Broadcaster v4 "Sawer" = Sawer "sceenPusher_is1" = screenPusher 1.3 "SopCast" = SopCast 3.4.8 "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1 "SpeedFan" = SpeedFan (remove only) "ST6UNST #1" = Visual Basic 6.0 Runtime&Steuerelemente "ST6UNST #2" = BEWERBUNGSMASTER "SuperHideIP" = Super Hide IP "SYBEX Profi-Bewerbungen" = SYBEX Profi-Bewerbungen "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Totalcmd" = Total Commander (Remove or Repair) "Toxic Biohazard" = Toxic Biohazard "UK2000 Gatwick Xtreme FSX" = UK2000 Gatwick Xtreme FSX "UK2000 Heathrow Xtreme" = UK2000 Heathrow Xtreme FSX "UK2000 Manchester Xtreme FSX" = UK2000 Manchester Xtreme FSX "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "XFastUsb" = XFastUsb "YouWave" = YouWave for Android "YTdetect" = Yahoo! 
Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2003666590-196046478-3614195370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.06.2012 21:25:34 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:25:34 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:25:34 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:25:34 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:25:34 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:44:09 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.06.2012 21:46:32 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:46:32 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:46:32 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.06.2012 21:46:32 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

[ System Events ]
Error - 30.05.2012 01:36:25 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?05.?2012 um 00:49:38 unerwartet heruntergefahren.

Error - 07.06.2012 09:56:26 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 09.06.2012 09:01:36 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 09.06.2012 09:01:38 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 11.06.2012 05:53:18 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 11.06.2012 05:53:24 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 12.06.2012 06:34:15 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 12.06.2012 06:34:17 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 13.06.2012 07:17:44 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 15.06.2012 04:11:14 | Computer Name = Admin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. < End of report > Edited by 6800ultra (22.06.2012 at 23:00) |
| #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - OTL Log Does Safe Mode with Networking still work? With an Internet connection?
__________________Safe Mode for cleanup |
| #3 |
| GVU Trojan - OTL Log Thank you very much for the effort, but sorry that I didn't let you know that I have already reinstalled.
__________________This thread is therefore resolved. Regards, Marcel |