|
Log-Analyse und Auswertung: HEUR:Backdoor.Win64.Generic AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\8000000.@Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.07.2012, 16:30 | #1 |
| HEUR:Backdoor.Win64.Generic AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\8000000.@ Hallo, folgenden Treffer hab ich seit 2 Tagen. Ich mach Online Banking mit TAN-Generator...GEFAHR???? Code:
ATTFilter 20.07.2012 06:49:27 Kaspersky Security Suite CBE 11 Schutz-Center Der Schutz funktioniert nicht 20.07.2012 15:47:38 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Trojan.Win32.Generic C:\Users\Rob\AppData\Local\Temp\owxcremans.exe/ASPack 20.07.2012 15:47:39 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Backdoor.Win64.Generic C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\80000000.@ 20.07.2012 16:22:15 Kaspersky Security Suite CBE 11 Schutz-Center Es wurde Malware gefunden 20.07.2012 16:22:21 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: Exploit.Java.CVE-2010-0840.cl C:\Documents and Settings\Rob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3f4bd72f-1960500d/buildService/MailAgent.class 20.07.2012 16:22:26 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: Exploit.Java.CVE-2010-0840.c C:\Documents and Settings\Rob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\f2a702-6a697685/plugin/sportGame.class 20.07.2012 16:22:36 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Trojan.Win32.Generic C:\Users\Rob\AppData\Local\Temp\owxcremans.exe/ASPack 20.07.2012 16:22:36 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Backdoor.Win64.Generic C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\80000000.@ 20.07.2012 16:25:18 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Trojan.Win32.Generic C:\Users\Rob\AppData\Local\Temp\owxcremans.exe/ASPack 20.07.2012 16:25:18 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Backdoor.Win64.Generic C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\80000000.@ Als weiteres Symptom, meine Anordnung der Desktop Icons wird 2 Tagen reseted. [CODE]8OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.07.2012 18:11:58 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.50% Memory free 7.73 Gb Paging File | 5.92 Gb Available in Paging File | 76.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148.81 Gb Total Space | 61.35 Gb Free Space | 41.22% Space Free | Partition Type: NTFS Drive D: | 148.88 Gb Total Space | 29.37 Gb Free Space | 19.73% Space Free | Partition Type: NTFS Computer Name: ROBI | User Name: Rob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.20 17:51:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.13 16:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe PRC - [2010.02.22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.12.10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe PRC - [2009.12.09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.12.10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.26 22:49:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2005.07.25 21:58:12 | 000,451,584 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device) SRV - [2012.07.19 16:26:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.12 18:37:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.07 12:17:33 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.17 18:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2011.07.08 09:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2011.04.13 16:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP) SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2010.04.06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.12.09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.11.27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100) SRV - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009.11.05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.04.29 23:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcgcoms.exe -- (lxcg_device) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- D:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.03 17:42:05 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.17 16:04:28 | 001,221,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.04 22:26:14 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.07.21 16:58:50 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010.07.07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2010.06.09 18:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2010.06.09 18:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.04.27 04:56:34 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.26 22:17:26 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.22 20:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.03.05 12:11:30 | 000,720,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDMI64.sys -- (CnxtHdmiAudService) DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.02.22 18:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.10 15:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.01.18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.10 03:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004.12.31 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3E046B4E-99DC-49F9-9ADD-BAC8CD116BA8} IE:64bit: - HKLM\..\SearchScopes\{3E046B4E-99DC-49F9-9ADD-BAC8CD116BA8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {BCD8CF1C-C313-4D66-955F-EADC1AEA5886} IE - HKLM\..\SearchScopes\{C7C24409-023D-403D-881C-22C921E7BAE6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=34073cd000000000000000ffdc65c178 IE - HKCU\..\SearchScopes\{6F9D33AA-F796-4C54-9E53-0BC79483CA94}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{781D7BB0-5D8A-41ED-AFB9-D365F8B4D6A1}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{BCD8CF1C-C313-4D66-955F-EADC1AEA5886}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\..\SearchScopes\{C28C51C5-6346-4AA4-A2AF-79D38E584A05}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.6 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=34073cd000000000000000ffdc65c178&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Programme\AceBIT\Password Depot 5\Firefox\ [2012.01.23 19:57:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 16:26:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 20:25:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 16:26:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 20:25:31 | 000,000,000 | ---D | M] [2011.06.24 07:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Extensions [2010.09.04 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable [2010.09.04 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2012.06.28 16:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions [2012.06.28 16:48:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.06.06 18:04:13 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2010.10.19 18:37:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\gmiw2y4a.default\searchplugins\startsear.xml [2012.03.17 15:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.01.03 17:43:32 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2012.01.03 17:43:30 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012.06.23 11:12:01 | 000,210,420 | ---- | M] () (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMIW2Y4A.DEFAULT\EXTENSIONS\{71BFCCE7-421D-4042-95D4-A585A821CBCA}.XPI [2012.05.29 11:46:00 | 000,104,669 | ---- | M] () (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMIW2Y4A.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI [2012.07.19 16:26:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.07 18:38:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.13 18:33:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.10 18:13:47 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.02.13 18:33:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 18:33:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 18:33:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 18:33:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 18:33:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48 CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2269050 CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/ CHR - homepage: hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_250.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: DVDVideoSoftTB = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.15.10_0\ O1 HOSTS File: ([2011.02.19 13:51:32 | 000,001,057 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 gosredirector.ea.com O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com O1 - Hosts: 127.0.0.1 demangler.ea.com O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Password Depot 5) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Programme\AceBIT\Password Depot 5\pdIEAddOn.dll (AceBIT) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [ImpulseFastStart] "C:\Program Files (x86)\Stardock\Impulse\Impulse.exe" /fastload File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [ONAIR] C:\Programme\ONAIR\ONAIR.exe (DJMASTER.COM) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Password Depot 5 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Programme\AceBIT\Password Depot 5\PasswordDepot.exe (AceBIT GmbH) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10991529-D976-415B-9ABB-053F388730B3}: DhcpNameServer = 10.129.32.1 10.111.81.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D33F90-1258-440A-8088-83EF62D15BD6}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E302AE6-C06C-45EF-8309-A8222D379DB6}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCD4D51F-EDF4-49C1-A791-F2ADB88A0EFD}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d0699bc4-b862-11df-b431-00266c672920}\Shell - "" = AutoRun O33 - MountPoints2\{d0699bc4-b862-11df-b431-00266c672920}\Shell\AutoRun\command - "" = G:\Topstart.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.20 17:51:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe [2012.07.20 17:49:59 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Macromedia [2012.07.20 17:47:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\ATI [2012.07.20 17:46:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Apple Computer [2012.06.30 21:18:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\Earth 2160 [2012.06.30 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Earth 2160 [2012.06.30 21:18:25 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Earth 2160 [2012.06.29 20:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.06.29 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\Diablo-III-8370-deDE-Installer [2012.06.27 17:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONAIR [2012.06.27 17:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ONAIR [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.20 18:22:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2695298073-2113985289-2258375022-1000UA.job [2012.07.20 17:53:19 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 17:53:19 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 17:52:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.20 17:51:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe [2012.07.20 17:45:28 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.20 17:45:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.20 17:45:08 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys [2012.07.20 17:42:33 | 000,000,020 | ---- | M] () -- C:\Users\Rob\defogger_reenable [2012.07.20 17:37:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.20 16:22:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2695298073-2113985289-2258375022-1000Core.job [2012.07.12 21:18:31 | 000,002,360 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk [2012.07.12 15:53:44 | 000,526,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.07 12:16:49 | 000,086,152 | ---- | M] () -- C:\Users\Rob\Documents\Serial CIV 5 addon.png [2012.07.03 10:41:47 | 002,194,175 | ---- | M] () -- C:\Users\Rob\Desktop\Steuerung eines Pilot _ Router _ Upgrades an.pdf [2012.06.30 21:25:53 | 000,000,638 | ---- | M] () -- C:\Users\Rob\Desktop\Earth 2160.lnk [2012.06.30 20:34:46 | 544,112,639 | ---- | M] () -- C:\Users\Rob\Desktop\E2160.iso [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.20 17:42:33 | 000,000,020 | ---- | C] () -- C:\Users\Rob\defogger_reenable [2012.07.07 12:16:49 | 000,086,152 | ---- | C] () -- C:\Users\Rob\Documents\Serial CIV 5 addon.png [2012.07.03 10:41:47 | 002,194,175 | ---- | C] () -- C:\Users\Rob\Desktop\Steuerung eines Pilot _ Router _ Upgrades an.pdf [2012.06.30 21:25:53 | 000,000,638 | ---- | C] () -- C:\Users\Rob\Desktop\Earth 2160.lnk [2012.06.30 21:05:36 | 544,112,639 | ---- | C] () -- C:\Users\Rob\Desktop\E2160.iso [2012.01.11 17:28:20 | 000,002,048 | -HS- | C] () -- C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\@ [2011.08.22 15:37:36 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2011.08.22 15:37:35 | 000,001,291 | ---- | C] () -- C:\Windows\unins000.dat [2011.04.17 20:32:49 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.26 12:30:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2011.02.26 12:30:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2011.02.26 12:30:50 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2011.02.26 12:30:50 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2011.02.26 12:30:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2011.02.26 12:30:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2011.02.26 12:30:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2011.02.26 12:30:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2011.02.26 12:30:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2011.02.26 12:30:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2011.02.26 12:30:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2011.02.26 12:30:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2011.02.26 12:30:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2011.02.26 12:30:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2011.02.26 12:30:49 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2011.02.26 12:30:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2011.02.26 12:30:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [2010.12.23 15:49:26 | 000,000,444 | ---- | C] () -- C:\Windows\Magix.ini [2010.12.15 19:16:14 | 000,000,146 | ---- | C] () -- C:\Windows\Videodeluxe.INI [2010.12.15 19:06:19 | 000,003,489 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.11.06 13:58:35 | 000,007,609 | ---- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg [2010.10.03 19:08:13 | 000,003,584 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.28 16:05:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.04 20:26:41 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe ========== LOP Check ========== [2012.01.23 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AceBIT [2010.12.21 20:42:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ashampoo Cover Studio 2 [2012.04.10 18:13:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Babylon [2011.02.19 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Command and Conquer 4 [2010.09.04 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DAEMON Tools Lite [2012.06.16 11:39:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DVDVideoSoft [2012.01.24 08:44:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.01 12:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\e-academy Inc [2010.12.13 17:56:10 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FileZilla [2011.12.04 17:57:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GetRightToGo [2011.12.17 18:54:05 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ICQ [2010.12.23 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ImgBurn [2010.11.29 16:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\JavaEditor [2011.11.03 19:09:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Kalypso Media [2010.12.21 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\MAGIX [2011.02.08 16:36:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDF Writer [2012.04.10 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\pdfforge [2011.11.24 17:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SpeedSim [2012.01.21 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Stardock [2010.09.04 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Toshiba [2011.11.03 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Tropico 4 [2012.04.23 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TS3Client [2011.12.30 17:51:22 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ts3overlay [2011.12.04 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ubisoft [2011.06.17 16:51:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent [2010.09.04 20:26:20 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinBatch [2012.04.23 16:12:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Und der Extra.txt von OTL. Code:
ATTFilter OTL Extras logfile created on: 20.07.2012 18:11:58 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.50% Memory free 7.73 Gb Paging File | 5.92 Gb Available in Paging File | 76.56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148.81 Gb Total Space | 61.35 Gb Free Space | 41.22% Space Free | Partition Type: NTFS Drive D: | 148.88 Gb Total Space | 29.37 Gb Free Space | 19.73% Space Free | Partition Type: NTFS Computer Name: ROBI | User Name: Rob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01FAFFF4-2DA3-4F19-8A35-9D553896423B}" = rport=445 | protocol=6 | dir=out | app=system | "{063F8915-7024-4B77-A86F-D69091FAC069}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1641B9E9-4528-48EF-B674-0B54F0A579AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1BFC3B52-F1ED-40AF-AAD6-B6DE8861A723}" = rport=139 | protocol=6 | dir=out | app=system | "{333F107D-5E58-4072-9BF5-F7180AF6A8EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4292091B-8B7D-4D80-A9C6-1614B72EEAC9}" = rport=10243 | protocol=6 | dir=out | app=system | "{4FA63704-75CB-4F9E-A602-51E65662C88D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5183CED0-94BC-4CC8-8FEC-8018292DA617}" = lport=139 | protocol=6 | dir=in | app=system | "{692719CB-B65D-4083-A06A-F8E77DAFBE7D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B33FE03-016F-435B-BA73-80A10598ED45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{76293A68-E112-4F88-A1B2-55986586D61D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C3817F6-F4A8-46F5-8617-C3DD4CBD7288}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D04C8CA-A96E-4C56-BE9F-27C465497684}" = lport=445 | protocol=6 | dir=in | app=system | "{831DDA9F-7DA7-44C3-80C0-089EB5870B1B}" = lport=10243 | protocol=6 | dir=in | app=system | "{924AEF68-1F4C-4AD5-881C-F18D59F5FB54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{97A3C11D-734E-4C5B-97EB-96335035233A}" = lport=137 | protocol=17 | dir=in | app=system | "{9E55C288-9734-4906-A064-7BC849D39D77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B239058E-C75A-422E-A071-8C060776524A}" = rport=137 | protocol=17 | dir=out | app=system | "{C428F0FB-4F18-482A-B597-BD1EE7F342DF}" = lport=2869 | protocol=6 | dir=in | app=system | "{C8A6DE11-88E2-49A7-9A39-90750A7D4EFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C98905FF-9C06-4E16-A6F3-0AC8E3843C18}" = rport=138 | protocol=17 | dir=out | app=system | "{CBCFB6B7-288C-44B0-BB3C-BA08D3D92E0D}" = lport=138 | protocol=17 | dir=in | app=system | "{F11C179F-5707-46D4-BCCD-113550FDA5F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FC166EF3-50A3-4703-8D55-AE36715B5773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01EA260D-EDC9-4D37-A00A-9068BFDF32E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0922C112-92B6-4773-9257-7E26C8F5BCAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0984A018-E1F8-4ED3-9DA8-A1A31055A107}" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\relicdownloader\relicdownloader.exe | "{0CF28643-07E7-4DE6-A2B8-E34B999BCC42}" = protocol=6 | dir=in | app=d:\spiele\sacred 2\system\sacred2.exe | "{0FFD5F25-3D99-477E-8C5E-A9A3A7BD2A84}" = protocol=17 | dir=in | app=d:\spiele\wic\wic_ds.exe | "{1117EC0C-498A-499D-8D70-63D2E915BDA1}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe | "{14EA9AE4-F583-468A-B840-F1C8DBB10B44}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{172315A6-209A-4A15-BF8F-7246EA8B39D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe | "{1AC4D91C-280F-4514-A464-69E2302E93A3}" = protocol=6 | dir=in | app=d:\spiele\wic\wic_ds.exe | "{1D948D5C-F3FC-4207-B272-63C1C32E12E9}" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\reliccoh.exe | "{21183442-45F9-4782-B76F-22DEC35DA215}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{2360B8FE-0F4F-4EFE-BBF7-C0159D690FDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2415E956-747E-417D-8FDA-8C99744238A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{25182BAA-ACA2-48B7-849C-843515439098}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{28A8EDA3-9530-4C41-BB9E-BEB98FFBD450}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{2A8806E1-1D55-4CF3-B99F-FB3F9B515708}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2F6F2093-8CDD-48D2-85F8-4570056AD534}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2F708076-7D31-48D5-9C19-EC9368888A2A}" = protocol=6 | dir=in | app=d:\spiele\anno270\anno5.exe | "{38BC431B-0542-4D76-BBB0-12D2FC869A05}" = protocol=17 | dir=in | app=d:\spiele\earth 2160\earth2160_no_sse.exe | "{3F53EB9D-E47B-4770-9FD8-C9C8FBACE08D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{419E045B-A6A7-42FD-8EE1-6EADF8BAE3FC}" = protocol=6 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\tom clancy's endwar launcher.exe | "{4AE87A91-3B82-4CA8-8622-5731E4E3F2DE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4B5F2817-EE42-477C-BA55-5CFC6C9A145D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{50396CEE-DB16-4515-BD82-03FDD864E1F9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{513E7DDF-4BA9-4BC5-A761-D44F67DDC82C}" = protocol=6 | dir=in | app=d:\spiele\riseofnationsgold\thrones.exe | "{5828F911-944E-49AC-9BDC-57C861FBA781}" = protocol=6 | dir=in | app=d:\spiele\sin\stardock games\sins of a solar empire\sins of a solar empire.exe | "{5E9BBCA6-3513-4FDC-9F3A-0F5042405D6B}" = protocol=17 | dir=in | app=d:\spiele\earth 2160\earth2160_sse.exe | "{5F258188-14F3-45FA-8246-8D73AA2809E1}" = protocol=17 | dir=in | app=d:\spiele\anno270\initengine.exe | "{5FD18AD0-F755-4F0E-A446-B46557773D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6104A1EB-20D7-4409-9076-E74D8F047913}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{62A6B58F-614A-4F6E-80CA-EAC08055E44C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{690E4EC7-0BE4-4CC1-A40A-6654FE8E013B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6A8CED2A-5F21-48BF-BFEE-08376C973AD2}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe | "{6E1AB1C6-9B86-4B1E-926C-BA55188F983A}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{6E6E825A-97C5-4A88-A690-95CC720CE6CE}" = protocol=6 | dir=in | app=d:\spiele\sacred 2\system\s2gs.exe | "{70B3BAF2-13A3-4842-9C30-50F7BA8CD06B}" = protocol=6 | dir=in | app=d:\spiele\wic\wic.exe | "{7305FBBA-187B-4FF4-AFB4-F2347315AAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{7736FB4B-162E-46D9-8DFC-25CBF6576BE3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{7747B321-AEFF-499F-84A9-70B1FF8CE974}" = protocol=17 | dir=in | app=d:\spiele\anno270\anno5.exe | "{7F166A75-9307-4241-8ABE-5FB0DCDF64BD}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe | "{7F4C9D2D-870C-41E2-8510-0AB11BF0F2AA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{8095BDCB-979D-420B-AC98-B10466240F3F}" = protocol=17 | dir=in | app=d:\spiele\sacred 2\system\sacred2.exe | "{82747054-C41D-44FF-8C2B-4FF643E0D7A0}" = protocol=17 | dir=in | app=d:\spiele\wic\wic.exe | "{830045D4-C667-4E6E-96F2-DF349128E536}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{84433555-CDBE-4F5C-8B03-7B06A993F9D7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{860118DE-DB47-4B6B-B594-0414FBB78C75}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{88F9B0CE-8F62-4EC0-9166-CCB0736557D6}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "{91EFC706-0246-41CD-A4F2-1BD4F6B6D318}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9258B5A8-7BE6-4C9F-AA63-BD123AFA093D}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{93B5C15D-4390-4CCB-8362-C29FE9378C10}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{96954E58-13B2-48A0-9256-1256BC4EB8F7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{96BB4573-BAF1-4C76-BA54-9A4ED91BDA16}" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\relicdownloader\relicdownloader.exe | "{96DD5A96-A7DE-4793-B1B9-706F0A442C6D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{96F9E76A-C9BE-4641-A680-620B841CD932}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9AD402BD-DB7D-402B-A0E9-CC87A5B99FF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2435C27-6687-4327-903A-EFFFD124B5B2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe | "{A26DBE86-5E10-47C7-BECB-99560C3457DB}" = protocol=17 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\tom clancy's endwar launcher.exe | "{A30B17D8-1673-4C98-A0DA-1809F94D0906}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6226493-6F2D-4490-9C50-55168CA975AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A9E5157B-0E9D-4160-B048-82A15BEB4DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{AA59B625-3CA8-4C25-AEF0-5D107AC4529A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{AE28A7A3-1BDF-4EA6-8FBD-D6AA63DDCF3A}" = protocol=17 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\binaries\endwar.exe | "{B01D0B30-5843-4E8C-85CF-4B158B104920}" = protocol=17 | dir=in | app=d:\spiele\anno270\autopatcher.exe | "{B2F674C7-C718-4184-92C2-1760EA2F0EAE}" = protocol=17 | dir=in | app=d:\spiele\sacred 2\system\s2gs.exe | "{B314CB9F-E4AD-4740-BA76-CECB115A3606}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B45619F8-7481-40EA-8D58-617AA3F2A4B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B828CA1E-42F7-483B-9313-6320FB01CCC4}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe | "{B96B6368-85A1-4E9C-81C5-F4CA08CD08A3}" = protocol=6 | dir=in | app=d:\spiele\earth 2160\earth2160_no_sse.exe | "{B9BD3AEC-C76A-4D7B-897D-EB9EF66188A3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{BC298EEF-A3D3-49FF-9A29-364324404CE7}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "{BF1D2B85-5699-40CB-B892-A3FF6836DB1F}" = protocol=6 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\binaries\endwar.exe | "{BF98C983-08D7-424B-891B-229581274A13}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{C0236620-872D-49D2-BE16-CD8EDD6E59CD}" = protocol=17 | dir=in | app=d:\spiele\riseofnationsgold\thrones.exe | "{C09B95F6-E4DA-4716-9981-C666170F26E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C103378A-6DD0-4551-8A3C-F2AA61760BE5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{C1F594EF-3404-4B91-8696-3CBB0880CC3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C3330A97-574A-4FEA-9FFB-E7802B43441E}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{C6A32C21-EB74-46D1-97E4-32C81ADEE1FC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C745E408-4ACF-45DE-9410-F4115701D046}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C8806354-B18D-4D59-92E3-2EA9C9753FBD}" = protocol=17 | dir=in | app=d:\spiele\sin\stardock games\sins of a solar empire\sins of a solar empire.exe | "{CC73220F-444B-4BFC-92FA-7FE9A635029B}" = protocol=17 | dir=in | app=d:\spiele\wic\wic_online.exe | "{D1EEDEDC-9054-442A-832D-78E3D19326D8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D389BAB5-7520-41CD-8378-B6E9E60A7488}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D5B985F5-A73D-40E4-84A8-17E46370269B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E28FA478-36A5-42CB-9D5E-D9701ADBECFC}" = protocol=6 | dir=in | app=d:\spiele\earth 2160\earth2160_sse.exe | "{E3DEECB8-7338-46FC-9C91-E0B66BEC105E}" = protocol=6 | dir=out | app=system | "{E4F96A0C-B9A2-41E3-85D0-6B843ABB7809}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E8A26B32-1438-4485-9E6F-069D420D4C3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe | "{EA1C843E-C7AE-40C7-A1B9-C3E781C693EB}" = protocol=6 | dir=in | app=d:\spiele\anno270\initengine.exe | "{EAD74459-2EC6-4E0F-BD6C-B95CD52B8334}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F0EB1EC7-4D3C-46C6-8885-F09C681BD943}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F15ABED3-53B0-4965-A92D-5D664ABBB036}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{F5370463-0C09-43EB-95BB-05C2F9104DEC}" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\reliccoh.exe | "{F56E711D-E363-4CBC-8E06-46E60D498281}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F93A2E1A-8BC4-4415-A8AD-F48C79BAD536}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{F988A43C-5924-4A71-9AB4-0B5973ED61F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FAB5D870-1AEA-4CE1-B33D-ED7DC82F1CE9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FB0BAC39-EA52-41DF-BF8F-DE5EA218BAAA}" = protocol=6 | dir=in | app=d:\spiele\wic\wic_online.exe | "{FBAEF721-5DE6-4732-B44F-01A365EC714F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe | "{FCCE222C-E88F-47A6-B3A0-534386B30CD9}" = protocol=6 | dir=in | app=d:\spiele\anno270\autopatcher.exe | "{FFD8FF51-0D37-4853-ADB6-F0D6BD2418D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{42F9C512-7884-4919-ADB5-F5D5BD840D8D}D:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{A537F1C5-8DE1-4185-B583-392132C548E9}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{B70454A9-EFAD-4794-A0C9-840AA9A0A9DE}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "TCP Query User{EF724CA2-29AD-44B0-A302-7CAF32AB26C4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{62F75982-7F71-4E7A-AF1F-6B82FA7FEEC8}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "UDP Query User{BEABA85C-6D40-4D3F-8312-5301F62FAD0B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{C8EDC2E5-D09F-4923-A12E-460DFE0F6CD3}D:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{F07112D9-49BD-44DD-8727-4F32D27BEFF0}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{61D4B846-49F8-2639-A4EB-977875265F37}" = ATI Catalyst Install Manager "{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89505FE0-A07E-928A-42F4-DA1B2788C01B}" = ccc-utility64 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "7-PDF Printer_is1" = 7-PDF Printer 7.1.0.1262 "Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec "CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.18 "Lexmark 2300 Series" = Lexmark 2300 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "ONAIR_is1" = ONAIR 4.0.0.834 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}" = CCC Help Korean "{04DE4606-6C76-A25C-BD13-646479CE1A5C}" = CCC Help Russian "{058E65E2-AFC2-8974-43A2-1EA5A4A53471}" = ccc-core-static "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{06A81056-303F-A212-191D-35310DE5759F}" = CCC Help English "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{0AA381AC-7BBB-5B29-836C-5E13BB91154A}" = CCC Help Hungarian "{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}" = Catalyst Control Center Localization All "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{162E46EB-F7C6-4B01-2384-349980B3F1BF}" = Catalyst Control Center Core Implementation "{16622EEF-D159-3EB8-0EE3-F01B98317CED}" = CCC Help Swedish "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1C0526C4-478A-9066-F37A-E58F08A21FE9}" = Catalyst Control Center Graphics Full New "{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}" = CCC Help Danish "{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}" = CCC Help French "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{24642C6B-1F1F-362F-6A7F-14C75C9EE603}" = CCC Help Turkish "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{313B4B6B-61B3-5F70-647B-E6285A9D81DF}" = CCC Help Spanish "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3264BE02-6AC0-96B3-A212-392A850D58CA}" = CCC Help German "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3CB58AB7-6750-F510-F055-27FA68D77472}" = CCC Help Dutch "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent "{53007195-C491-23E9-D420-EDAB61E57609}" = CCC Help Polish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}" = Catalyst Control Center Graphics Full Existing "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5d5cf71a-ad07-4329-af80-dce3581cbe98}" = Nero 9 Essentials "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.15f, 2010.11.27 "{66815B84-05B8-4FA3-AACA-3E7C434F78B8}_is1" = Password Depot 5 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11 "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{68A8941B-6E97-B11C-1B10-C3370E4CC885}" = Catalyst Control Center Graphics Previews Common "{6910C412-A523-493C-BC22-0213CD7F4F3A}" = IndustrieGigant 2 - Gold Edition "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}" = CCC Help Chinese Traditional "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express "{6CDB6681-B777-4DAD-412E-7933B9296850}" = CCC Help Greek "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2 "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}" = Catalyst Control Center InstallProxy "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85010422-4932-6A9E-C222-A994DA299C81}" = CCC Help Portuguese "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}" = CCC Help Norwegian "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C6210BC-CF1C-E637-C74D-28612585CAD9}" = CCC Help Chinese Standard "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}" = CCC Help Italian "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{BA28817B-738A-9284-D3D6-E973982AEF3B}" = Catalyst Control Center Graphics Previews Vista "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C58362EF-CABB-B475-065B-FD07C0D49770}" = CCC Help Czech "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}" = CCC Help Japanese "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E616437B-CE55-B463-ED6B-408E29A073CB}" = CCC Help Finnish "{E718AAF4-CB80-9649-347E-C9A9803BE6D0}" = CCC Help Thai "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}" = Catalyst Control Center Graphics Light "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Bridge Building Game" = Bridge Building Game "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "Earth 2160" = Earth 2160 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D) "Free Audio Converter_is1" = Free Audio Converter version 2.2.11 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608 "Galactic Civilizations II - Endless Universe" = Galactic Civilizations II - Endless Universe "GameSpy Arcade" = GameSpy Arcade "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "Hattrick Organizer" = Hattrick Organizer (remove only) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2 "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11 "JDownloader" = JDownloader "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service (D) "MAGIX Video deluxe 2006 2007 PLUS D" = MAGIX Video deluxe 2006 2007 PLUS (D) "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.VISIOR" = Microsoft Visio Professional 2010 "OpenAL" = OpenAL "Panzer Corps_is1" = Panzer Corps version 1.0 "Panzer Corps1.00" = Panzer Corps "Pride of Nations_is1" = PON 1.01 "RiseOfNationsExpansion 1.0" = Rise of Nations "ShotOnline" = ShotOnline "Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity "SpeedSim" = SpeedSim "StarCraft II" = StarCraft II "Steam App 16830" = Sid Meier's Civilization V SDK "Steam App 58610" = Wargame: European Escalation "Steam App 8930" = Sid Meier's Civilization V "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 2.0.1 "vShare.tv plugin" = vShare.tv plugin 1.3 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.3.5.1 "Google Chrome" = Google Chrome "Tropico 4" = Tropico 4 1.00 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.05.2011 12:44:02 | Computer Name = Robi | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 08.05.2011 13:14:28 | Computer Name = Robi | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.05.2011 13:14:40 | Computer Name = Robi | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 09.05.2011 16:55:16 | Computer Name = Robi | Source = MsiInstaller | ID = 11935 Description = Error - 09.05.2011 16:58:29 | Computer Name = Robi | Source = Application Hang | ID = 1002 Description = Programm msiexec.exe, Version 5.0.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1770 Startzeit: 01cc0e8743ad4813 Endzeit: 51 Anwendungspfad: C:\Windows\SysWOW64\msiexec.exe Berichts-ID: Error - 09.05.2011 17:41:24 | Computer Name = Robi | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 09.05.2011 17:42:57 | Computer Name = Robi | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 10.05.2011 00:37:51 | Computer Name = Robi | Source = ESENT | ID = 215 Description = WinMail (2668) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 10.05.2011 00:38:08 | Computer Name = Robi | Source = ESENT | ID = 215 Description = WinMail (3720) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 10.05.2011 15:45:55 | Computer Name = Robi | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 07.07.2012 06:17:46 | Computer Name = Robi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 07.07.2012 06:17:46 | Computer Name = Robi | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.07.2012 10:22:42 | Computer Name = Robi | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?07.?2012 um 23:12:29 unerwartet heruntergefahren. Error - 10.07.2012 10:34:00 | Computer Name = Robi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Notebook Performance Tuning Service (TEMPRO) erreicht. Error - 11.07.2012 10:48:13 | Computer Name = Robi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Notebook Performance Tuning Service (TEMPRO) erreicht. Error - 11.07.2012 16:14:20 | Computer Name = Robi | Source = DCOM | ID = 10010 Description = Error - 12.07.2012 09:53:34 | Computer Name = Robi | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?07.?2012 um 22:22:28 unerwartet heruntergefahren. Error - 18.07.2012 02:27:41 | Computer Name = Robi | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?07.?2012 um 23:12:47 unerwartet heruntergefahren. Error - 19.07.2012 10:14:08 | Computer Name = Robi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Notebook Performance Tuning Service (TEMPRO) erreicht. Error - 20.07.2012 11:45:15 | Computer Name = Robi | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?07.?2012 um 17:44:22 unerwartet heruntergefahren. < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-20 19:22:46 Windows 6.1.7601 Service Pack 1 Running: dq4vktlf.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0xC1 0x7E 0x8C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x47 0x2C 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x4B 0x62 0xBF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0xC1 0x7E 0x8C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x47 0x2C 0x10 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x4B 0x62 0xBF ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.20.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rob :: ROBI [Administrator] 20.07.2012 19:28:22 mbam-log-2012-07-20 (19-40-13).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 195803 Laufzeit: 6 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt. C:\$RECYCLE.BIN\S-1-5-21-2695298073-2113985289-2258375022-1000\$RMEH5QO.exe (Trojan.Agent.BVXGen) -> Keine Aktion durchgeführt. C:\Users\Rob\AppData\Local\Temp\msimg32.dll (Trojan.Agent.BVXGen) -> Keine Aktion durchgeführt. (Ende) |
23.07.2012, 10:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Backdoor.Win64.Generic AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\8000000.@ Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
Themen zu HEUR:Backdoor.Win64.Generic AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\8000000.@ |
appdata, banking, cache, code, conduit, cyberghost, folge, folgende, folgenden, funktionier, funktioniert, google earth, heur, heur:, heuristiks/extra, heuristiks/shuriken, index, install.exe, jdownloader, local, malware, microsoft office word, msiexec.exe, msiinstaller, msimg32.dll, office 2007, online, online banking, plug-in, recycle.bin, richtlinie, search the web, searchscopes, security, security suite, suite, temp, treffer, troja, trojan.agent.bvxgen, usb 2.0, users, wargame |