| DerBernd12 | 20.07.2012 16:30 |
HEUR:Backdoor.Win64.Generic AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\8000000.@
Hallo, folgenden Treffer hab ich seit 2 Tagen.
Ich mach Online Banking mit TAN-Generator...GEFAHR???? Code:
20.07.2012 06:49:27 Kaspersky Security Suite CBE 11 Schutz-Center Der Schutz funktioniert nicht
20.07.2012 15:47:38 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Trojan.Win32.Generic C:\Users\Rob\AppData\Local\Temp\owxcremans.exe/ASPack
20.07.2012 15:47:39 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Backdoor.Win64.Generic C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\80000000.@
20.07.2012 16:22:15 Kaspersky Security Suite CBE 11 Schutz-Center Es wurde Malware gefunden
20.07.2012 16:22:21 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: Exploit.Java.CVE-2010-0840.cl C:\Documents and Settings\Rob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3f4bd72f-1960500d/buildService/MailAgent.class
20.07.2012 16:22:26 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: Exploit.Java.CVE-2010-0840.c C:\Documents and Settings\Rob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\f2a702-6a697685/plugin/sportGame.class
20.07.2012 16:22:36 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Trojan.Win32.Generic C:\Users\Rob\AppData\Local\Temp\owxcremans.exe/ASPack
20.07.2012 16:22:36 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Backdoor.Win64.Generic C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\80000000.@
20.07.2012 16:25:18 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Trojan.Win32.Generic C:\Users\Rob\AppData\Local\Temp\owxcremans.exe/ASPack
20.07.2012 16:25:18 Kaspersky Security Suite CBE 11 Schutz-Center Gefunden: HEUR:Backdoor.Win64.Generic C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\U\80000000.@
Hab OTL fertig.
Als weiteres Symptom, meine Anordnung der Desktop Icons wird 2 Tagen reseted.
[CODE]8OTL Logfile: Code:
OTL logfile created on: 20.07.2012 18:11:58 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.50% Memory free
7.73 Gb Paging File | 5.92 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.81 Gb Total Space | 61.35 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive D: | 148.88 Gb Total Space | 29.37 Gb Free Space | 19.73% Space Free | Partition Type: NTFS
Computer Name: ROBI | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.20 17:51:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.13 16:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
PRC - [2010.02.22 13:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.12.10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009.12.09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.27 12:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009.07.28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
========== Modules (No Company Name) ==========
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.12.10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.04.26 22:49:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2005.07.25 21:58:12 | 000,451,584 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device)
SRV - [2012.07.19 16:26:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 18:37:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.07 12:17:33 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 18:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.07.08 09:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.04.13 16:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.04.06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010.02.05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.11.05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.04.29 23:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcgcoms.exe -- (lxcg_device)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- D:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.03 17:42:05 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 16:04:28 | 001,221,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.04 22:26:14 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.07.21 16:58:50 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010.07.07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010.06.09 18:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010.06.09 18:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.04.27 04:56:34 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.26 22:17:26 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.22 20:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.05 12:11:30 | 000,720,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDMI64.sys -- (CnxtHdmiAudService)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.02.22 18:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.10 15:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.01.18 17:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.01.15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.10 03:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.12.31 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3E046B4E-99DC-49F9-9ADD-BAC8CD116BA8}
IE:64bit: - HKLM\..\SearchScopes\{3E046B4E-99DC-49F9-9ADD-BAC8CD116BA8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {BCD8CF1C-C313-4D66-955F-EADC1AEA5886}
IE - HKLM\..\SearchScopes\{C7C24409-023D-403D-881C-22C921E7BAE6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=34073cd000000000000000ffdc65c178
IE - HKCU\..\SearchScopes\{6F9D33AA-F796-4C54-9E53-0BC79483CA94}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{781D7BB0-5D8A-41ED-AFB9-D365F8B4D6A1}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{BCD8CF1C-C313-4D66-955F-EADC1AEA5886}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{C28C51C5-6346-4AA4-A2AF-79D38E584A05}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.6
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=34073cd000000000000000ffdc65c178&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Programme\AceBIT\Password Depot 5\Firefox\ [2012.01.23 19:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 16:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 20:25:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 16:26:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 20:25:31 | 000,000,000 | ---D | M]
[2011.06.24 07:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Extensions
[2010.09.04 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2010.09.04 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.06.28 16:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions
[2012.06.28 16:48:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.06.06 18:04:13 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2010.10.19 18:37:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rob\AppData\Roaming\mozilla\Firefox\Profiles\gmiw2y4a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\gmiw2y4a.default\searchplugins\startsear.xml
[2012.03.17 15:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.01.03 17:43:32 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2012.01.03 17:43:30 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.06.23 11:12:01 | 000,210,420 | ---- | M] () (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMIW2Y4A.DEFAULT\EXTENSIONS\{71BFCCE7-421D-4042-95D4-A585A821CBCA}.XPI
[2012.05.29 11:46:00 | 000,104,669 | ---- | M] () (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMIW2Y4A.DEFAULT\EXTENSIONS\{7E77F5DF-8022-40E3-9122-F03DEBEFC43B}.XPI
[2012.07.19 16:26:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.07 18:38:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.13 18:33:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.10 18:13:47 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.13 18:33:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 18:33:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 18:33:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 18:33:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 18:33:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2269050
CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_250.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: DVDVideoSoftTB = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.15.10_0\
O1 HOSTS File: ([2011.02.19 13:51:32 | 000,001,057 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Password Depot 5) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Programme\AceBIT\Password Depot 5\pdIEAddOn.dll (AceBIT)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [ImpulseFastStart] "C:\Program Files (x86)\Stardock\Impulse\Impulse.exe" /fastload File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [ONAIR] C:\Programme\ONAIR\ONAIR.exe (DJMASTER.COM)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Rob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Password Depot 5 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Programme\AceBIT\Password Depot 5\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10991529-D976-415B-9ABB-053F388730B3}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D33F90-1258-440A-8088-83EF62D15BD6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E302AE6-C06C-45EF-8309-A8222D379DB6}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCD4D51F-EDF4-49C1-A791-F2ADB88A0EFD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0699bc4-b862-11df-b431-00266c672920}\Shell - "" = AutoRun
O33 - MountPoints2\{d0699bc4-b862-11df-b431-00266c672920}\Shell\AutoRun\command - "" = G:\Topstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.20 17:51:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2012.07.20 17:49:59 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Macromedia
[2012.07.20 17:47:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\ATI
[2012.07.20 17:46:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Apple Computer
[2012.06.30 21:18:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\Earth 2160
[2012.06.30 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Earth 2160
[2012.06.30 21:18:25 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Earth 2160
[2012.06.29 20:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.06.29 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\Diablo-III-8370-deDE-Installer
[2012.06.27 17:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONAIR
[2012.06.27 17:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ONAIR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.20 18:22:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2695298073-2113985289-2258375022-1000UA.job
[2012.07.20 17:53:19 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 17:53:19 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 17:52:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 17:51:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2012.07.20 17:45:28 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 17:45:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 17:45:08 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 17:42:33 | 000,000,020 | ---- | M] () -- C:\Users\Rob\defogger_reenable
[2012.07.20 17:37:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 16:22:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2695298073-2113985289-2258375022-1000Core.job
[2012.07.12 21:18:31 | 000,002,360 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2012.07.12 15:53:44 | 000,526,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.07 12:16:49 | 000,086,152 | ---- | M] () -- C:\Users\Rob\Documents\Serial CIV 5 addon.png
[2012.07.03 10:41:47 | 002,194,175 | ---- | M] () -- C:\Users\Rob\Desktop\Steuerung eines Pilot _ Router _ Upgrades an.pdf
[2012.06.30 21:25:53 | 000,000,638 | ---- | M] () -- C:\Users\Rob\Desktop\Earth 2160.lnk
[2012.06.30 20:34:46 | 544,112,639 | ---- | M] () -- C:\Users\Rob\Desktop\E2160.iso
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.20 17:42:33 | 000,000,020 | ---- | C] () -- C:\Users\Rob\defogger_reenable
[2012.07.07 12:16:49 | 000,086,152 | ---- | C] () -- C:\Users\Rob\Documents\Serial CIV 5 addon.png
[2012.07.03 10:41:47 | 002,194,175 | ---- | C] () -- C:\Users\Rob\Desktop\Steuerung eines Pilot _ Router _ Upgrades an.pdf
[2012.06.30 21:25:53 | 000,000,638 | ---- | C] () -- C:\Users\Rob\Desktop\Earth 2160.lnk
[2012.06.30 21:05:36 | 544,112,639 | ---- | C] () -- C:\Users\Rob\Desktop\E2160.iso
[2012.01.11 17:28:20 | 000,002,048 | -HS- | C] () -- C:\Users\Rob\AppData\Local\{5606b0a3-eb60-c334-4ba4-a9ef61df0433}\@
[2011.08.22 15:37:36 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011.08.22 15:37:35 | 000,001,291 | ---- | C] () -- C:\Windows\unins000.dat
[2011.04.17 20:32:49 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.26 12:30:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll
[2011.02.26 12:30:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll
[2011.02.26 12:30:50 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll
[2011.02.26 12:30:50 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll
[2011.02.26 12:30:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll
[2011.02.26 12:30:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll
[2011.02.26 12:30:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll
[2011.02.26 12:30:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll
[2011.02.26 12:30:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll
[2011.02.26 12:30:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll
[2011.02.26 12:30:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe
[2011.02.26 12:30:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll
[2011.02.26 12:30:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe
[2011.02.26 12:30:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe
[2011.02.26 12:30:49 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe
[2011.02.26 12:30:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll
[2011.02.26 12:30:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll
[2010.12.23 15:49:26 | 000,000,444 | ---- | C] () -- C:\Windows\Magix.ini
[2010.12.15 19:16:14 | 000,000,146 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2010.12.15 19:06:19 | 000,003,489 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.11.06 13:58:35 | 000,007,609 | ---- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
[2010.10.03 19:08:13 | 000,003,584 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.28 16:05:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.04 20:26:41 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
========== LOP Check ==========
[2012.01.23 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AceBIT
[2010.12.21 20:42:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ashampoo Cover Studio 2
[2012.04.10 18:13:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Babylon
[2011.02.19 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Command and Conquer 4
[2010.09.04 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DAEMON Tools Lite
[2012.06.16 11:39:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DVDVideoSoft
[2012.01.24 08:44:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.01 12:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\e-academy Inc
[2010.12.13 17:56:10 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FileZilla
[2011.12.04 17:57:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2011.12.17 18:54:05 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ICQ
[2010.12.23 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ImgBurn
[2010.11.29 16:58:50 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\JavaEditor
[2011.11.03 19:09:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Kalypso Media
[2010.12.21 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\MAGIX
[2011.02.08 16:36:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDF Writer
[2012.04.10 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\pdfforge
[2011.11.24 17:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SpeedSim
[2012.01.21 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Stardock
[2010.09.04 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Toshiba
[2011.11.03 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Tropico 4
[2012.04.23 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TS3Client
[2011.12.30 17:51:22 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ts3overlay
[2011.12.04 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ubisoft
[2011.06.17 16:51:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent
[2010.09.04 20:26:20 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinBatch
[2012.04.23 16:12:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---
Und der Extra.txt von OTL. Code:
OTL Extras logfile created on: 20.07.2012 18:11:58 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.87 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.50% Memory free
7.73 Gb Paging File | 5.92 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.81 Gb Total Space | 61.35 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive D: | 148.88 Gb Total Space | 29.37 Gb Free Space | 19.73% Space Free | Partition Type: NTFS
Computer Name: ROBI | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FAFFF4-2DA3-4F19-8A35-9D553896423B}" = rport=445 | protocol=6 | dir=out | app=system |
"{063F8915-7024-4B77-A86F-D69091FAC069}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1641B9E9-4528-48EF-B674-0B54F0A579AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1BFC3B52-F1ED-40AF-AAD6-B6DE8861A723}" = rport=139 | protocol=6 | dir=out | app=system |
"{333F107D-5E58-4072-9BF5-F7180AF6A8EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4292091B-8B7D-4D80-A9C6-1614B72EEAC9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4FA63704-75CB-4F9E-A602-51E65662C88D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5183CED0-94BC-4CC8-8FEC-8018292DA617}" = lport=139 | protocol=6 | dir=in | app=system |
"{692719CB-B65D-4083-A06A-F8E77DAFBE7D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B33FE03-016F-435B-BA73-80A10598ED45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{76293A68-E112-4F88-A1B2-55986586D61D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C3817F6-F4A8-46F5-8617-C3DD4CBD7288}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D04C8CA-A96E-4C56-BE9F-27C465497684}" = lport=445 | protocol=6 | dir=in | app=system |
"{831DDA9F-7DA7-44C3-80C0-089EB5870B1B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{924AEF68-1F4C-4AD5-881C-F18D59F5FB54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97A3C11D-734E-4C5B-97EB-96335035233A}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E55C288-9734-4906-A064-7BC849D39D77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B239058E-C75A-422E-A071-8C060776524A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C428F0FB-4F18-482A-B597-BD1EE7F342DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8A6DE11-88E2-49A7-9A39-90750A7D4EFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C98905FF-9C06-4E16-A6F3-0AC8E3843C18}" = rport=138 | protocol=17 | dir=out | app=system |
"{CBCFB6B7-288C-44B0-BB3C-BA08D3D92E0D}" = lport=138 | protocol=17 | dir=in | app=system |
"{F11C179F-5707-46D4-BCCD-113550FDA5F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC166EF3-50A3-4703-8D55-AE36715B5773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EA260D-EDC9-4D37-A00A-9068BFDF32E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0922C112-92B6-4773-9257-7E26C8F5BCAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0984A018-E1F8-4ED3-9DA8-A1A31055A107}" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\relicdownloader\relicdownloader.exe |
"{0CF28643-07E7-4DE6-A2B8-E34B999BCC42}" = protocol=6 | dir=in | app=d:\spiele\sacred 2\system\sacred2.exe |
"{0FFD5F25-3D99-477E-8C5E-A9A3A7BD2A84}" = protocol=17 | dir=in | app=d:\spiele\wic\wic_ds.exe |
"{1117EC0C-498A-499D-8D70-63D2E915BDA1}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe |
"{14EA9AE4-F583-468A-B840-F1C8DBB10B44}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{172315A6-209A-4A15-BF8F-7246EA8B39D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{1AC4D91C-280F-4514-A464-69E2302E93A3}" = protocol=6 | dir=in | app=d:\spiele\wic\wic_ds.exe |
"{1D948D5C-F3FC-4207-B272-63C1C32E12E9}" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\reliccoh.exe |
"{21183442-45F9-4782-B76F-22DEC35DA215}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{2360B8FE-0F4F-4EFE-BBF7-C0159D690FDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2415E956-747E-417D-8FDA-8C99744238A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{25182BAA-ACA2-48B7-849C-843515439098}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{28A8EDA3-9530-4C41-BB9E-BEB98FFBD450}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{2A8806E1-1D55-4CF3-B99F-FB3F9B515708}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2F6F2093-8CDD-48D2-85F8-4570056AD534}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F708076-7D31-48D5-9C19-EC9368888A2A}" = protocol=6 | dir=in | app=d:\spiele\anno270\anno5.exe |
"{38BC431B-0542-4D76-BBB0-12D2FC869A05}" = protocol=17 | dir=in | app=d:\spiele\earth 2160\earth2160_no_sse.exe |
"{3F53EB9D-E47B-4770-9FD8-C9C8FBACE08D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{419E045B-A6A7-42FD-8EE1-6EADF8BAE3FC}" = protocol=6 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{4AE87A91-3B82-4CA8-8622-5731E4E3F2DE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4B5F2817-EE42-477C-BA55-5CFC6C9A145D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{50396CEE-DB16-4515-BD82-03FDD864E1F9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{513E7DDF-4BA9-4BC5-A761-D44F67DDC82C}" = protocol=6 | dir=in | app=d:\spiele\riseofnationsgold\thrones.exe |
"{5828F911-944E-49AC-9BDC-57C861FBA781}" = protocol=6 | dir=in | app=d:\spiele\sin\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{5E9BBCA6-3513-4FDC-9F3A-0F5042405D6B}" = protocol=17 | dir=in | app=d:\spiele\earth 2160\earth2160_sse.exe |
"{5F258188-14F3-45FA-8246-8D73AA2809E1}" = protocol=17 | dir=in | app=d:\spiele\anno270\initengine.exe |
"{5FD18AD0-F755-4F0E-A446-B46557773D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6104A1EB-20D7-4409-9076-E74D8F047913}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{62A6B58F-614A-4F6E-80CA-EAC08055E44C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{690E4EC7-0BE4-4CC1-A40A-6654FE8E013B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A8CED2A-5F21-48BF-BFEE-08376C973AD2}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{6E1AB1C6-9B86-4B1E-926C-BA55188F983A}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{6E6E825A-97C5-4A88-A690-95CC720CE6CE}" = protocol=6 | dir=in | app=d:\spiele\sacred 2\system\s2gs.exe |
"{70B3BAF2-13A3-4842-9C30-50F7BA8CD06B}" = protocol=6 | dir=in | app=d:\spiele\wic\wic.exe |
"{7305FBBA-187B-4FF4-AFB4-F2347315AAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{7736FB4B-162E-46D9-8DFC-25CBF6576BE3}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{7747B321-AEFF-499F-84A9-70B1FF8CE974}" = protocol=17 | dir=in | app=d:\spiele\anno270\anno5.exe |
"{7F166A75-9307-4241-8ABE-5FB0DCDF64BD}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe |
"{7F4C9D2D-870C-41E2-8510-0AB11BF0F2AA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{8095BDCB-979D-420B-AC98-B10466240F3F}" = protocol=17 | dir=in | app=d:\spiele\sacred 2\system\sacred2.exe |
"{82747054-C41D-44FF-8C2B-4FF643E0D7A0}" = protocol=17 | dir=in | app=d:\spiele\wic\wic.exe |
"{830045D4-C667-4E6E-96F2-DF349128E536}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{84433555-CDBE-4F5C-8B03-7B06A993F9D7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{860118DE-DB47-4B6B-B594-0414FBB78C75}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{88F9B0CE-8F62-4EC0-9166-CCB0736557D6}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe |
"{91EFC706-0246-41CD-A4F2-1BD4F6B6D318}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9258B5A8-7BE6-4C9F-AA63-BD123AFA093D}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{93B5C15D-4390-4CCB-8362-C29FE9378C10}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{96954E58-13B2-48A0-9256-1256BC4EB8F7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{96BB4573-BAF1-4C76-BA54-9A4ED91BDA16}" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\relicdownloader\relicdownloader.exe |
"{96DD5A96-A7DE-4793-B1B9-706F0A442C6D}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{96F9E76A-C9BE-4641-A680-620B841CD932}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9AD402BD-DB7D-402B-A0E9-CC87A5B99FF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2435C27-6687-4327-903A-EFFFD124B5B2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe |
"{A26DBE86-5E10-47C7-BECB-99560C3457DB}" = protocol=17 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{A30B17D8-1673-4C98-A0DA-1809F94D0906}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6226493-6F2D-4490-9C50-55168CA975AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A9E5157B-0E9D-4160-B048-82A15BEB4DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AA59B625-3CA8-4C25-AEF0-5D107AC4529A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{AE28A7A3-1BDF-4EA6-8FBD-D6AA63DDCF3A}" = protocol=17 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\binaries\endwar.exe |
"{B01D0B30-5843-4E8C-85CF-4B158B104920}" = protocol=17 | dir=in | app=d:\spiele\anno270\autopatcher.exe |
"{B2F674C7-C718-4184-92C2-1760EA2F0EAE}" = protocol=17 | dir=in | app=d:\spiele\sacred 2\system\s2gs.exe |
"{B314CB9F-E4AD-4740-BA76-CECB115A3606}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B45619F8-7481-40EA-8D58-617AA3F2A4B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B828CA1E-42F7-483B-9313-6320FB01CCC4}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{B96B6368-85A1-4E9C-81C5-F4CA08CD08A3}" = protocol=6 | dir=in | app=d:\spiele\earth 2160\earth2160_no_sse.exe |
"{B9BD3AEC-C76A-4D7B-897D-EB9EF66188A3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{BC298EEF-A3D3-49FF-9A29-364324404CE7}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe |
"{BF1D2B85-5699-40CB-B892-A3FF6836DB1F}" = protocol=6 | dir=in | app=d:\spiele\endwar\tom clancy's endwar\binaries\endwar.exe |
"{BF98C983-08D7-424B-891B-229581274A13}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{C0236620-872D-49D2-BE16-CD8EDD6E59CD}" = protocol=17 | dir=in | app=d:\spiele\riseofnationsgold\thrones.exe |
"{C09B95F6-E4DA-4716-9981-C666170F26E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C103378A-6DD0-4551-8A3C-F2AA61760BE5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{C1F594EF-3404-4B91-8696-3CBB0880CC3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C3330A97-574A-4FEA-9FFB-E7802B43441E}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C6A32C21-EB74-46D1-97E4-32C81ADEE1FC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C745E408-4ACF-45DE-9410-F4115701D046}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8806354-B18D-4D59-92E3-2EA9C9753FBD}" = protocol=17 | dir=in | app=d:\spiele\sin\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{CC73220F-444B-4BFC-92FA-7FE9A635029B}" = protocol=17 | dir=in | app=d:\spiele\wic\wic_online.exe |
"{D1EEDEDC-9054-442A-832D-78E3D19326D8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D389BAB5-7520-41CD-8378-B6E9E60A7488}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D5B985F5-A73D-40E4-84A8-17E46370269B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E28FA478-36A5-42CB-9D5E-D9701ADBECFC}" = protocol=6 | dir=in | app=d:\spiele\earth 2160\earth2160_sse.exe |
"{E3DEECB8-7338-46FC-9C91-E0B66BEC105E}" = protocol=6 | dir=out | app=system |
"{E4F96A0C-B9A2-41E3-85D0-6B843ABB7809}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8A26B32-1438-4485-9E6F-069D420D4C3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{EA1C843E-C7AE-40C7-A1B9-C3E781C693EB}" = protocol=6 | dir=in | app=d:\spiele\anno270\initengine.exe |
"{EAD74459-2EC6-4E0F-BD6C-B95CD52B8334}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0EB1EC7-4D3C-46C6-8885-F09C681BD943}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F15ABED3-53B0-4965-A92D-5D664ABBB036}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F5370463-0C09-43EB-95BB-05C2F9104DEC}" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\reliccoh.exe |
"{F56E711D-E363-4CBC-8E06-46E60D498281}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F93A2E1A-8BC4-4415-A8AD-F48C79BAD536}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F988A43C-5924-4A71-9AB4-0B5973ED61F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FAB5D870-1AEA-4CE1-B33D-ED7DC82F1CE9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FB0BAC39-EA52-41DF-BF8F-DE5EA218BAAA}" = protocol=6 | dir=in | app=d:\spiele\wic\wic_online.exe |
"{FBAEF721-5DE6-4732-B44F-01A365EC714F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\wargame european escalation\wargame.exe |
"{FCCE222C-E88F-47A6-B3A0-534386B30CD9}" = protocol=6 | dir=in | app=d:\spiele\anno270\autopatcher.exe |
"{FFD8FF51-0D37-4853-ADB6-F0D6BD2418D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{42F9C512-7884-4919-ADB5-F5D5BD840D8D}D:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{A537F1C5-8DE1-4185-B583-392132C548E9}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{B70454A9-EFAD-4794-A0C9-840AA9A0A9DE}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe |
"TCP Query User{EF724CA2-29AD-44B0-A302-7CAF32AB26C4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{62F75982-7F71-4E7A-AF1F-6B82FA7FEEC8}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe |
"UDP Query User{BEABA85C-6D40-4D3F-8312-5301F62FAD0B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C8EDC2E5-D09F-4923-A12E-460DFE0F6CD3}D:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{F07112D9-49BD-44DD-8727-4F32D27BEFF0}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61D4B846-49F8-2639-A4EB-977875265F37}" = ATI Catalyst Install Manager
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89505FE0-A07E-928A-42F4-DA1B2788C01B}" = ccc-utility64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"7-PDF Printer_is1" = 7-PDF Printer 7.1.0.1262
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.18
"Lexmark 2300 Series" = Lexmark 2300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ONAIR_is1" = ONAIR 4.0.0.834
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B9F1A8-CC3B-CCF8-71B6-1ABFE4E00590}" = CCC Help Korean
"{04DE4606-6C76-A25C-BD13-646479CE1A5C}" = CCC Help Russian
"{058E65E2-AFC2-8974-43A2-1EA5A4A53471}" = ccc-core-static
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A81056-303F-A212-191D-35310DE5759F}" = CCC Help English
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0AA381AC-7BBB-5B29-836C-5E13BB91154A}" = CCC Help Hungarian
"{0DDCEDBA-8C17-CC50-7448-9131F3EF7517}" = Catalyst Control Center Localization All
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{162E46EB-F7C6-4B01-2384-349980B3F1BF}" = Catalyst Control Center Core Implementation
"{16622EEF-D159-3EB8-0EE3-F01B98317CED}" = CCC Help Swedish
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C0526C4-478A-9066-F37A-E58F08A21FE9}" = Catalyst Control Center Graphics Full New
"{1F1E9571-0EA2-7AA3-647B-16698BED9CF4}" = CCC Help Danish
"{1FDB8BA3-9E5F-369F-C2A2-AA4AD06F0640}" = CCC Help French
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24642C6B-1F1F-362F-6A7F-14C75C9EE603}" = CCC Help Turkish
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{313B4B6B-61B3-5F70-647B-E6285A9D81DF}" = CCC Help Spanish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3264BE02-6AC0-96B3-A212-392A850D58CA}" = CCC Help German
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CB58AB7-6750-F510-F055-27FA68D77472}" = CCC Help Dutch
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{53007195-C491-23E9-D420-EDAB61E57609}" = CCC Help Polish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5833EB1F-F1FD-DA8E-B2BA-C23E58BB0C65}" = Catalyst Control Center Graphics Full Existing
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5d5cf71a-ad07-4329-af80-dce3581cbe98}" = Nero 9 Essentials
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.15f, 2010.11.27
"{66815B84-05B8-4FA3-AACA-3E7C434F78B8}_is1" = Password Depot 5
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68A8941B-6E97-B11C-1B10-C3370E4CC885}" = Catalyst Control Center Graphics Previews Common
"{6910C412-A523-493C-BC22-0213CD7F4F3A}" = IndustrieGigant 2 - Gold Edition
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B59A12B-D448-E129-28E9-57D1E2E5F7BB}" = CCC Help Chinese Traditional
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6CDB6681-B777-4DAD-412E-7933B9296850}" = CCC Help Greek
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B81F6BB-7C9C-E66F-9989-42EEB1076F84}" = Catalyst Control Center InstallProxy
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85010422-4932-6A9E-C222-A994DA299C81}" = CCC Help Portuguese
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9BE8E5-2263-3EFA-FDD1-11F6E267EEF9}" = CCC Help Norwegian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6210BC-CF1C-E637-C74D-28612585CAD9}" = CCC Help Chinese Standard
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFE6E077-E0A3-2993-0913-8DEEADF4E2DE}" = CCC Help Italian
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{BA28817B-738A-9284-D3D6-E973982AEF3B}" = Catalyst Control Center Graphics Previews Vista
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C58362EF-CABB-B475-065B-FD07C0D49770}" = CCC Help Czech
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D432AD16-2F8C-0022-E2F1-E27DCB5F6949}" = CCC Help Japanese
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E616437B-CE55-B463-ED6B-408E29A073CB}" = CCC Help Finnish
"{E718AAF4-CB80-9649-347E-C9A9803BE6D0}" = CCC Help Thai
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5EB2C27-3F16-01B6-BA56-316BC0F8CA87}" = Catalyst Control Center Graphics Light
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bridge Building Game" = Bridge Building Game
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Earth 2160" = Earth 2160
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"Free Audio Converter_is1" = Free Audio Converter version 2.2.11
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Galactic Civilizations II - Endless Universe" = Galactic Civilizations II - Endless Universe
"GameSpy Arcade" = GameSpy Arcade
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"JDownloader" = JDownloader
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"MAGIX Video deluxe 2006 2007 PLUS D" = MAGIX Video deluxe 2006 2007 PLUS (D)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Panzer Corps_is1" = Panzer Corps version 1.0
"Panzer Corps1.00" = Panzer Corps
"Pride of Nations_is1" = PON 1.01
"RiseOfNationsExpansion 1.0" = Rise of Nations
"ShotOnline" = ShotOnline
"Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity
"SpeedSim" = SpeedSim
"StarCraft II" = StarCraft II
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 58610" = Wargame: European Escalation
"Steam App 8930" = Sid Meier's Civilization V
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Chrome" = Google Chrome
"Tropico 4" = Tropico 4 1.00
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.05.2011 12:44:02 | Computer Name = Robi | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 08.05.2011 13:14:28 | Computer Name = Robi | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 08.05.2011 13:14:40 | Computer Name = Robi | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 09.05.2011 16:55:16 | Computer Name = Robi | Source = MsiInstaller | ID = 11935
Description =
Error - 09.05.2011 16:58:29 | Computer Name = Robi | Source = Application Hang | ID = 1002
Description = Programm msiexec.exe, Version 5.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1770 Startzeit: 01cc0e8743ad4813 Endzeit: 51 Anwendungspfad:
C:\Windows\SysWOW64\msiexec.exe Berichts-ID:
Error - 09.05.2011 17:41:24 | Computer Name = Robi | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 09.05.2011 17:42:57 | Computer Name = Robi | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 10.05.2011 00:37:51 | Computer Name = Robi | Source = ESENT | ID = 215
Description = WinMail (2668) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 10.05.2011 00:38:08 | Computer Name = Robi | Source = ESENT | ID = 215
Description = WinMail (3720) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 10.05.2011 15:45:55 | Computer Name = Robi | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 07.07.2012 06:17:46 | Computer Name = Robi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 07.07.2012 06:17:46 | Computer Name = Robi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 09.07.2012 10:22:42 | Computer Name = Robi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?07.?2012 um 23:12:29 unerwartet heruntergefahren.
Error - 10.07.2012 10:34:00 | Computer Name = Robi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Notebook Performance Tuning Service (TEMPRO) erreicht.
Error - 11.07.2012 10:48:13 | Computer Name = Robi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Notebook Performance Tuning Service (TEMPRO) erreicht.
Error - 11.07.2012 16:14:20 | Computer Name = Robi | Source = DCOM | ID = 10010
Description =
Error - 12.07.2012 09:53:34 | Computer Name = Robi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?07.?2012 um 22:22:28 unerwartet heruntergefahren.
Error - 18.07.2012 02:27:41 | Computer Name = Robi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?07.?2012 um 23:12:47 unerwartet heruntergefahren.
Error - 19.07.2012 10:14:08 | Computer Name = Robi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Notebook Performance Tuning Service (TEMPRO) erreicht.
Error - 20.07.2012 11:45:15 | Computer Name = Robi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?07.?2012 um 17:44:22 unerwartet heruntergefahren.
< End of report >
gmer logfile. Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-20 19:22:46
Windows 6.1.7601 Service Pack 1
Running: dq4vktlf.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0xC1 0x7E 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x47 0x2C 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x4B 0x62 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0xC1 0x7E 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x47 0x2C 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x4B 0x62 0xBF ...
---- EOF - GMER 1.0.15 ----
malwarebyte log: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.20.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rob :: ROBI [Administrator]
20.07.2012 19:28:22
mbam-log-2012-07-20 (19-40-13).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195803
Laufzeit: 6 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»�Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-2695298073-2113985289-2258375022-1000\$RMEH5QO.exe (Trojan.Agent.BVXGen) -> Keine Aktion durchgeführt.
C:\Users\Rob\AppData\Local\Temp\msimg32.dll (Trojan.Agent.BVXGen) -> Keine Aktion durchgeführt.
(Ende)
|
