Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.02.2013, 20:09   #1
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hallo,

hatte heute folgendes Problem:

Laptop war heute mit einmal Bildschrim weiss. Gestartet im abgesicherten Modus - Laptop ist immer gleich wieder runter gefahren. Beim nächsten Neustart wieder F8 gedrückt, dann auf "Computer reparieren" geklickt, Startsystem reparieren ausgewählt - keine Fehler gefunden, Systemwiederherstellung auf letztes aktuelles Datum (16.02.2013) - Rechner läuft wieder ohne für uns sichtbare Probleme.
GData laufen lassen - hat nichts gefunden.
Malwarebytes installiert, laufen lassen - hat 12 infizierte Dateien gefunden -

siehe LogDatei -

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
steffan :: STEFFAN-TOSH [limitiert]

Schutz: Aktiviert

21.02.2013 19:37:10
MBAM-log-2013-02-21 (20-11-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339974
Laufzeit: 32 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{836E88EF-02A9-49B4-859E-18CFAA2FBAA3} (PUP.BFlix) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Keine Aktion durchgeführt.

Infizierte Dateien: 8
C:\Users\steffan\AppData\Roaming\skype.dat (Malware.Packer.zr0) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\ppjemjejnnojomfekgbpbbnecicblllf.crx (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Keine Aktion durchgeführt.

(Ende)

Bild dazu habe ich als Anhang beigefügt.

Nun bin ich verunsichert, denn ich kann nur "entferne Auswahl" anklicken - ich kann nicht in Quarantäne verschieben. Hab das Programm jetzt geschlossen ohne etwas zu machen, in der Hoffnung es findet die Fehler nochmals. Nur so kann ich ja aber eure restl. Schritte durchführen.

Hier nun der Inhalt aus den gewünschten Programmen:

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:44 on 21/02/2013 (steffan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL:

OTL logfile created on: 21.02.2013 20:46:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\steffan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 38,18% Memory free
7,80 Gb Paging File | 5,06 Gb Available in Paging File | 64,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,94 Gb Total Space | 44,32 Gb Free Space | 45,72% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 0,05 Gb Free Space | 1,31% Space Free | Partition Type: FAT32

Computer Name: STEFFAN-TOSH | User Name: steffan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.21 20:41:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffan\Desktop\OTL.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.04.11 14:37:02 | 001,458,176 | ---- | M] () -- C:\Program Files (x86)\BrytonBridge\BrytonBridge2.exe
PRC - [2012.04.11 14:18:02 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\BrytonBridge\BBService.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.08.09 02:39:32 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.09 02:39:26 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.07.22 00:23:04 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.07.07 01:24:00 | 000,184,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2011.06.16 16:54:56 | 000,305,080 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2011.06.07 11:07:58 | 000,063,432 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2011.06.07 11:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.12.26 01:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2009.08.31 10:43:46 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2009.08.31 10:43:14 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe
PRC - [2003.05.08 11:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (No Company Name) ==========

MOD - [2009.08.31 10:43:14 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.09.23 07:22:46 | 000,582,064 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011.08.23 02:08:16 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011.08.11 00:59:04 | 000,833,464 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011.06.10 06:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011.06.01 21:38:30 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.06.01 21:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.06.01 21:19:58 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.29 01:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.02.07 22:11:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 08:23:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.04.11 14:18:02 | 000,068,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrytonBridge\BBService.exe -- (BBService)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.08.09 02:39:32 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.08.09 02:39:26 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.07.22 00:23:04 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.07.12 02:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011.07.07 01:24:00 | 000,184,320 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2011.06.07 11:08:26 | 000,250,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2011.06.07 11:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2011.04.02 02:42:56 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.02.10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.31 10:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.21 18:50:35 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.02.21 18:50:31 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.02.21 18:50:31 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.02.21 18:50:30 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.14 03:28:07 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.07 17:10:23 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.07.13 14:04:40 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.03.20 20:29:55 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.09 18:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.15 00:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.08.31 21:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.30 22:48:48 | 000,286,080 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011.08.23 19:41:00 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.07.28 18:20:08 | 000,209,408 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.07.28 18:20:06 | 000,092,672 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.07.13 05:08:02 | 000,019,904 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.26 02:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.09 04:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.04 04:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.28 00:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.29 20:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 19:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.08.30 19:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010.04.26 20:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.31 06:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.24 20:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 21:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.25 00:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.06.20 04:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.17 21:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.22 16:35:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.02.02 18:14:20 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.02.02 18:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.02.02 18:14:20 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012.09.19 09:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B9729D65-D55F-4B79-B362-9931AC2A67B8}
IE:64bit: - HKLM\..\SearchScopes\{B9729D65-D55F-4B79-B362-9931AC2A67B8}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B9729D65-D55F-4B79-B362-9931AC2A67B8}
IE - HKLM\..\SearchScopes\{B9729D65-D55F-4B79-B362-9931AC2A67B8}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102808&gct=hp
IE - HKCU\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{111F474E-B632-4EA4-8AA0-AB3FC22CE909}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DSGOH&o=102808&src=kw&q={searchTerms}&locale=&apn_ptnrs=^4L&apn_dtid=^YYYYYY^YY^DE&apn_uid=1E90CA49-9B26-4E19-897F-290487A1C033&apn_sauid=297336D0-2DAA-43AE-ABC2-575BA1B3138A
IE - HKCU\..\SearchScopes\{6A8A3BD1-AE3C-4928-A8FB-352DE6DAF286}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3192727
IE - HKCU\..\SearchScopes\{B9729D65-D55F-4B79-B362-9931AC2A67B8}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE476
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OywE5ckog&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bf3f5241a-c2c5-42d2-b6a1-2709209bbbac%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7B819669ae-9ccd-4fde-acca-4a4428e8e5ed%7D:2.01.13
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.22 03:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.20 21:45:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.22 03:25:38 | 000,000,000 | ---D | M]

[2012.03.20 17:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\Extensions
[2013.02.22 03:25:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\Firefox\Profiles\wu8xgxv7.default\extensions
[2013.01.13 13:41:28 | 000,000,000 | ---D | M] (New Tab URL) -- C:\Users\steffan\AppData\Roaming\mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\{819669ae-9ccd-4fde-acca-4a4428e8e5ed}
[2013.02.22 03:25:38 | 000,000,000 | ---D | M] (WinZipBar_DE Community Toolbar) -- C:\Users\steffan\AppData\Roaming\mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}
[2012.03.23 13:37:49 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\steffan\AppData\Roaming\mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\ffxtlbr@incredibar.com
[2012.03.23 13:44:59 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\steffan\AppData\Roaming\mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\info@bflix.info
[2012.03.20 18:31:00 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\personas@christopher.beard.xpi
[2012.12.11 15:16:42 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 07:40:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.13 13:51:01 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.14 11:03:10 | 000,002,408 | ---- | M] () -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\searchplugins\askcom.xml
[2013.02.22 03:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.21 18:50:30 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.02.06 08:23:40 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 14:42:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72D29F9F-7802-4CBE-BEE5-17CEFD60506B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE97A388-03F9-4C7E-BCD5-31F2DB546D58}: NameServer = 212.23.115.148 212.23.97.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bip_camera1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\btassist1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\eccenter1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\panui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\topi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tosbtmng.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tosbtproc1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\toshibaservicestation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\usrguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wirelessftp1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bip_camera1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\btassist1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\eccenter1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\panui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\topi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tosbtmng.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tosbtproc1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\toshibaservicestation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\usrguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\wirelessftp1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{960cec75-72b2-11e1-b134-e89d87bcbe31}\Shell - "" = AutoRun
O33 - MountPoints2\{960cec75-72b2-11e1-b134-e89d87bcbe31}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{e53bed74-f8e3-11e1-9aa7-e89d87bcbe31}\Shell - "" = AutoRun
O33 - MountPoints2\{e53bed74-f8e3-11e1-9aa7-e89d87bcbe31}\Shell\AutoRun\command - "" = D:\InTune.exe
O33 - MountPoints2\{e53bed74-f8e3-11e1-9aa7-e89d87bcbe31}\Shell\configure\command - "" = D:\InTune.exe
O33 - MountPoints2\{e53bed74-f8e3-11e1-9aa7-e89d87bcbe31}\Shell\install\command - "" = D:\InTune.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.21 20:44:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\steffan\Desktop\OTL.exe
[2013.02.21 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\steffan\AppData\Roaming\Malwarebytes
[2013.02.21 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.21 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.21 19:35:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.02.21 19:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.21 19:35:16 | 000,000,000 | ---D | C] -- C:\Users\steffan\AppData\Local\Programs
[2013.02.20 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.02.18 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\steffan\Desktop\Gutschein Porsche dady
[2013.02.17 10:59:47 | 000,000,000 | ---D | C] -- C:\Users\steffan\Desktop\Türen
[2013.02.13 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\steffan\AppData\Roaming\XLMSoft
[2013.02.06 08:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.24 21:30:32 | 000,000,000 | ---D | C] -- C:\output
[2012.03.20 17:10:23 | 000,117,248 | ---- | C] (exe ) -- C:\Users\steffan\AppData\Roaming\skype.dat
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.21 20:44:57 | 000,000,000 | ---- | M] () -- C:\Users\steffan\defogger_reenable
[2013.02.21 20:41:52 | 000,376,832 | ---- | M] () -- C:\Users\steffan\Desktop\gmer_2.1.19081.exe
[2013.02.21 20:41:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffan\Desktop\OTL.exe
[2013.02.21 20:41:22 | 000,050,477 | ---- | M] () -- C:\Users\steffan\Desktop\Defogger.exe
[2013.02.21 20:11:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 19:38:52 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.21 19:38:52 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.21 19:38:52 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.21 19:38:52 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.21 19:38:52 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.21 19:35:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.21 19:07:53 | 000,988,688 | ---- | M] () -- C:\windows\SysWow64\sig.bin
[2013.02.21 19:07:53 | 000,052,288 | ---- | M] () -- C:\windows\SysWow64\nmp.map
[2013.02.21 18:50:35 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\HookCentre.sys
[2013.02.21 18:50:31 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\MiniIcpt.sys
[2013.02.21 18:50:31 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\GDBehave.sys
[2013.02.21 18:50:30 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\gdwfpcd64.sys
[2013.02.21 18:33:45 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 18:33:45 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 18:26:52 | 000,000,330 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2013.02.21 18:26:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.20 17:17:45 | 000,003,054 | ---- | M] () -- C:\windows\ST5UNST.001
[2013.02.19 18:06:18 | 000,483,402 | ---- | M] () -- C:\Users\steffan\Desktop\milch 017.JPG
[2013.02.15 08:02:18 | 000,344,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.28 14:19:32 | 000,035,104 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2013.01.28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\uxtuneup.dll
[2013.01.28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) -- C:\windows\SysWow64\uxtuneup.dll
[2013.01.28 14:19:28 | 000,026,400 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2013.01.28 14:19:28 | 000,021,792 | ---- | M] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2013.01.24 21:00:57 | 000,011,264 | -H-- | M] () -- C:\Users\steffan\Desktop\photothumb.db
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.21 20:44:57 | 000,000,000 | ---- | C] () -- C:\Users\steffan\defogger_reenable
[2013.02.21 20:43:59 | 000,376,832 | ---- | C] () -- C:\Users\steffan\Desktop\gmer_2.1.19081.exe
[2013.02.21 20:43:52 | 000,050,477 | ---- | C] () -- C:\Users\steffan\Desktop\Defogger.exe
[2013.02.21 19:35:33 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 17:17:33 | 000,003,054 | ---- | C] () -- C:\windows\ST5UNST.001
[2013.02.19 18:06:17 | 000,483,402 | ---- | C] () -- C:\Users\steffan\Desktop\milch 017.JPG
[2012.05.17 16:20:09 | 000,000,556 | ---- | C] () -- C:\windows\MAXLINK.INI
[2012.03.21 21:05:29 | 000,988,688 | ---- | C] () -- C:\windows\SysWow64\sig.bin
[2012.03.20 18:44:23 | 004,014,540 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.10.16 21:30:31 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011.08.31 21:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.08.31 21:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.08.31 21:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.08.31 21:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.08.31 21:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.08.11 22:09:17 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\Canon
[2012.06.14 18:11:39 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\DVDVideoSoft
[2012.06.14 18:11:31 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.29 12:05:09 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\freeCompressor
[2013.01.14 10:23:30 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\FreeTorrentViewer
[2012.05.29 11:38:42 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\HamsterSoft
[2012.06.14 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\OpenCandy
[2013.01.17 21:40:27 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\PhotoScape
[2012.05.17 16:20:11 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\ScanSoft
[2012.11.17 20:12:07 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\SoftGrid Client
[2012.03.23 13:02:12 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\Thinstall
[2012.03.20 21:45:36 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\Thunderbird
[2012.10.14 14:20:21 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\Toshiba
[2012.03.19 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\TOSHIBA Online Product Information
[2012.03.20 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\TP
[2012.10.14 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\TuneUp Software
[2012.03.19 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\WinBatch
[2013.02.13 20:54:51 | 000,000,000 | ---D | M] -- C:\Users\steffan\AppData\Roaming\XLMSoft

========== Purity Check ==========



< End of report >

Extras:

OTL Extras logfile created on: 21.02.2013 20:46:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\steffan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 38,18% Memory free
7,80 Gb Paging File | 5,06 Gb Available in Paging File | 64,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,94 Gb Total Space | 44,32 Gb Free Space | 45,72% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 0,05 Gb Free Space | 1,31% Space Free | Partition Type: FAT32

Computer Name: STEFFAN-TOSH | User Name: steffan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F693062-9D88-4C20-8EF9-9943FAE1D249}" = lport=139 | protocol=6 | dir=in | app=system |
"{17BADBC0-10FB-47A3-9DD9-09F9C7F4071A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{257FA36C-F5B4-4772-BACA-BD82F2B60833}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{273E6A5A-48C5-4383-B6A4-F9E0A37B8644}" = lport=138 | protocol=17 | dir=in | app=system |
"{3D985683-EFFC-4F84-A779-E30FBDA3B901}" = lport=445 | protocol=6 | dir=in | app=system |
"{410D7E12-B0FD-408D-A600-CBE64AFA05AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{438D83B4-9D8A-404A-A2A1-DBF3BF0C5EF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{44F4D63B-A007-4EB3-BF3B-2F06A2B94B53}" = lport=10243 | protocol=6 | dir=in | app=system |
"{55415215-FA4F-4C6C-A6C7-D08FFAED4752}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E3114F5-DEF8-4761-AA52-109910501C87}" = rport=139 | protocol=6 | dir=out | app=system |
"{602487AD-C76D-4306-9BDB-BC10FEFD92CC}" = rport=138 | protocol=17 | dir=out | app=system |
"{7D777468-1D12-4289-A653-1D0CEEED44FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F6C2465-D28E-420E-B3A5-DB5CF79A7344}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F99A3D2-2D90-4ECD-8E88-20AC1EEF1A17}" = rport=10243 | protocol=6 | dir=out | app=system |
"{93AD2290-6696-4109-985E-5C5276221165}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF484614-043A-41B7-A473-D84DE2CE5266}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B22DB54D-705E-4C34-808C-268CD80095A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BDFA025A-5663-421D-A753-901712584E40}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BF0A4B22-9D17-4AFD-AA50-C29F6D038377}" = rport=137 | protocol=17 | dir=out | app=system |
"{C29A068E-D391-4785-8BF7-7E106C1B8ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CAF9B526-C422-4EF5-9D28-B32C7DF8DA88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB8C9F70-8F92-4E6F-BF7A-C653C92B9C97}" = rport=445 | protocol=6 | dir=out | app=system |
"{F10FA4FC-7448-41C8-BEF1-58B83F265C38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F848FD20-B1DE-4F13-A34E-CF1F11DF475F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F9C68630-FF58-44EF-93DD-26F1F7E4B48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0262B593-A3C7-41B3-8439-EDFCD4663E56}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{07193762-5227-4E92-A716-030F4C137522}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17B49EEB-5200-42B7-9C70-DC3D065D7EAC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{1E6631F4-E066-49A3-8C33-4E667556D7EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A197FC6-9A09-4D1E-BDF6-57733740234A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{30F676AF-A39E-4523-AE85-0C4935C2B8E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3283A255-1A9E-4FCF-926F-5B887E88AD52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{32FE5CCB-5656-43D6-9337-E829D059EEDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42979B5B-DB43-4FB4-AF37-A33456465A11}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{45B2F3A1-F563-431B-9B66-5629F801BEC2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{52FBCB28-367B-4169-AA2F-4C76865A501F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60954EEF-150C-4C23-BD19-845F93787395}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{64FF0B95-2838-4BCE-AA7A-D5021C9C0057}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6BAA149D-1F07-4E81-B50F-CAF2E805472F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C401CD0-1C63-4978-BA49-E4141BFCE6A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{96F91D17-F938-4C3D-A198-9BD16B273CBE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7EDC095-2AAB-4C70-A723-BFAE8EBE7ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B2815AB3-6688-4BF8-8A12-51CF57CFD174}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8440B56-A379-4533-9695-C6826CF24B1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC01ACAE-8146-4249-8547-72D27269A2A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF024EC8-D9AA-418F-8806-F913590F2E9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C627FEC6-15F5-43F7-AF01-26E64FDDF331}" = protocol=6 | dir=out | app=system |
"{CC70735D-8A7A-44EC-9AC3-AD9BCA4C2796}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{E810B678-4516-4BFD-94EB-B6D8F218CD3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F04A92E4-C02F-4B85-B72E-7A0FC2573F82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F4D24199-0B2A-460D-B1B7-FDD11408C540}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{41C2B21A-63BB-4377-9567-A97B15F21E59}" = TOSHIBA eco Utility
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D76557F-04F5-4CF9-AB20-6A621B0D52D7}" = MyPDFConverter
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1EF93620-4B15-4DB4-B0EA-889E2F187081}" = FreeCompressor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E579724-82F9-454C-A98E-39DDDAB167FF}" = Intel(R) Rapid Start Technology
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel(R) Identity Protection Technology 1.2.18.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}" = TOSHIBA ConfigFree
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BA8123A4-34B4-44B8-B8E1-D36F0D0259C9}_is1" = BrytonBridge
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoScape" = PhotoScape
"ProInst" = Intel PROSet Wireless
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0340cb41-e1e2-4563-8ef5-3a52ea5529b0" = Bejeweled 2 Deluxe
"WTA-0e5782c7-505a-4cce-8cbf-a2f2e762c100" = Slingo Deluxe
"WTA-0f73b10c-d9b0-41f0-9050-d9b909ec6274" = Diner Dash 2 Restaurant Rescue
"WTA-298eb7a8-4479-4146-87c0-9b83301010f4" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-379970d8-ad8c-42b4-a6a7-0f2d4491b6c3" = FATE
"WTA-47819ef4-6b97-4ae9-b114-92200c9b7a0c" = Polar Bowler
"WTA-4e45d02b-502b-4953-81f4-1abf38d63df1" = Zuma Deluxe
"WTA-6bf94a5c-a643-45fb-aef1-ecbfd25b3959" = Insaniquarium Deluxe
"WTA-74461e05-5db1-40de-89ee-d28ef0a66f51" = Plants vs. Zombies - Game of the Year
"WTA-7c9038c0-3af7-4653-a47b-652aa45e2a87" = Penguins!
"WTA-7cfdd512-5ff7-4ffd-b353-6aeea3fb5d55" = Chuzzle Deluxe
"WTA-7fc8164b-3230-47cf-86fa-5c18c93837f9" = Wedding Dash 2 - Rings Around the World
"WTA-b34351f1-fd83-4723-ae9d-da6756108e17" = Final Drive: Nitro
"WTA-c2b8b554-70f7-4601-9eea-dc4025bec4ae" = Bejeweled 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.01.2013 18:05:55 | Computer Name = steffan-TOSH | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 15.01.2013 03:48:23 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 15.01.2013 07:11:22 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 15.01.2013 11:40:06 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 16.01.2013 13:48:09 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 16.01.2013 15:31:55 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 17.01.2013 15:51:07 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 17.01.2013 16:43:53 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 19.01.2013 04:28:24 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 19.01.2013 09:20:54 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21.02.2013 13:15:59 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 21.02.2013 13:15:59 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 21.02.2013 13:15:59 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 21.02.2013 13:15:59 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD cdrom DfsC discache GDMnIcpt gdwfpcd HookCentre NetBIOS NetBT nsiproxy Psched rdbss spldr
tdx
Tosrfcom
vwififlt
Wanarpv6
WfpLwf

Error - 21.02.2013 13:16:09 | Computer Name = steffan-TOSH | Source = DCOM | ID = 10005
Description =

Error - 21.02.2013 13:16:44 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 21.02.2013 13:26:26 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 21.02.2013 14:34:43 | Computer Name = steffan-TOSH | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 21.02.2013 14:34:43 | Computer Name = steffan-TOSH | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 21.02.2013 14:34:44 | Computer Name = steffan-TOSH | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


< End of report >

und gmer:

GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-21 21:04:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.AJTA 119,24GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\steffan\AppData\Local\Temp\uwdiypog.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[2552] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075501465 2 bytes [50, 75]
.text C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[2552] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755014bb 2 bytes [50, 75]
.text ... * 2
.text C:\windows\SysWOW64\DllHost.exe[5196] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075501465 2 bytes [50, 75]
.text C:\windows\SysWOW64\DllHost.exe[5196] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755014bb 2 bytes [50, 75]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4872] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075501465 2 bytes [50, 75]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[4872] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755014bb 2 bytes [50, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e772517
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e772517 (not active ControlSet)

---- EOF - GMER 2.1 ----

So ich hoffe ihr könnt mir bzw. uns helfen.

Ach ja, keine Ahnung ob Ihr das aus den Dateien erkennt - es ist Windows 7 Home Premium 64 bit drauf.

Liebe Grüße
Miniaturansicht angehängter Grafiken
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde-bildschirmansicht-auswertung-malwarebytes.jpg  

Alt 21.02.2013, 23:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________

__________________

Alt 22.02.2013, 16:26   #3
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hi,

habe jetzt das MBAR drüber laufen lassen, hier beide Logfiles:

1. Logfile:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
steffan :: STEFFAN-TOSH [administrator]

22.02.2013 16:52:40
mbar-log-2013-02-22 (16-52-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30012
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{836E88EF-02A9-49B4-859E-18CFAA2FBAA3} (PUP.BFlix) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\ProgramData\TheBflix (PUP.BFlix) -> Delete on reboot.
c:\ProgramData\TheBflix\data (PUP.BFlix) -> Delete on reboot.

Files Detected: 8
c:\Users\steffan\AppData\Roaming\skype.dat (Malware.Packer.zr0) -> Delete on reboot.
c:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Delete on reboot.
c:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Delete on reboot.
c:\ProgramData\TheBflix\ppjemjejnnojomfekgbpbbnecicblllf.crx (PUP.BFlix) -> Delete on reboot.
c:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Delete on reboot.
c:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Delete on reboot.
c:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Delete on reboot.
c:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Delete on reboot.

(end)


das 2. Logfile:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
steffan :: STEFFAN-TOSH [administrator]

22.02.2013 17:04:40
mbar-log-2013-02-22 (17-04-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29984
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Dann habe ich das aswMBR gestartet - alles wie beschrieben. Nach einiger Zeit kommt aber eine Fehlermeldung. Hab das 2x probiert - Fehlermeldung kam beide Male.
Bild der Fehlermeldung anbei.

Viele Grüße
__________________
Miniaturansicht angehängter Grafiken
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde-avast-funktioniert-mehr.jpg  

Alt 22.02.2013, 21:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Und die Logs bitte in CODE-Tags!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.02.2013, 23:03   #5
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



So, jetzt hat es geklappt.

Hier das Logfile:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-22 23:59:05
-----------------------------
23:59:05.347    OS Version: Windows x64 6.1.7601 Service Pack 1
23:59:05.347    Number of processors: 4 586 0x2A07
23:59:05.347    ComputerName: STEFFAN-TOSH  UserName: steffan
23:59:05.800    Initialize success
23:59:15.971    AVAST engine defs: 13022200
23:59:26.626    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:59:26.626    Disk 0 Vendor: TOSHIBA_ AJTA Size: 122104MB BusType: 3
23:59:26.641    Disk 0 MBR read successfully
23:59:26.641    Disk 0 MBR scan
23:59:26.673    Disk 0 Windows VISTA default MBR code
23:59:26.673    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
23:59:26.688    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99269 MB offset 3074048
23:59:26.688    Disk 0 Partition 3 00     84 OS/2 hidden C:              8192 MB offset 206376960
23:59:26.719    Disk 0 scanning C:\windows\system32\drivers
23:59:32.101    Service scanning
23:59:48.606    Modules scanning
23:59:48.606    Disk 0 trace - called modules:
23:59:48.606    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
23:59:49.121    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068e5060]
23:59:49.121    3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8004de14e0]
23:59:49.121    5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004de0050]
23:59:49.121    Scan finished successfully
00:00:04.409    Disk 0 MBR has been saved successfully to "C:\Users\steffan\Desktop\Virenlösung - noch nicht löschen\MBR.dat"
00:00:04.409    The log file has been saved successfully to "C:\Users\steffan\Desktop\Virenlösung - noch nicht löschen\aswMBR.txt"
         
Danke für den Hinweis mit dem Logfile.


Alt 22.02.2013, 23:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde

Alt 23.02.2013, 09:03   #7
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hi,
hier jetzt das nächste Logfile:

Code:
ATTFilter
09:57:38.0683 6412  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:57:40.0683 6412  ============================================================
09:57:40.0683 6412  Current date / time: 2013/02/23 09:57:40.0683
09:57:40.0683 6412  SystemInfo:
09:57:40.0683 6412  
09:57:40.0683 6412  OS Version: 6.1.7601 ServicePack: 1.0
09:57:40.0683 6412  Product type: Workstation
09:57:40.0683 6412  ComputerName: STEFFAN-TOSH
09:57:40.0683 6412  UserName: steffan
09:57:40.0683 6412  Windows directory: C:\windows
09:57:40.0683 6412  System windows directory: C:\windows
09:57:40.0683 6412  Running under WOW64
09:57:40.0683 6412  Processor architecture: Intel x64
09:57:40.0683 6412  Number of processors: 4
09:57:40.0683 6412  Page size: 0x1000
09:57:40.0683 6412  Boot type: Normal boot
09:57:40.0683 6412  ============================================================
09:57:41.0013 6412  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:57:41.0013 6412  ============================================================
09:57:41.0013 6412  \Device\Harddisk0\DR0:
09:57:41.0013 6412  MBR partitions:
09:57:41.0013 6412  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC1E2800
09:57:41.0013 6412  ============================================================
09:57:41.0023 6412  C: <-> \Device\Harddisk0\DR0\Partition1
09:57:41.0023 6412  ============================================================
09:57:41.0023 6412  Initialize success
09:57:41.0023 6412  ============================================================
09:58:53.0044 5808  ============================================================
09:58:53.0044 5808  Scan started
09:58:53.0044 5808  Mode: Manual; SigCheck; TDLFS; 
09:58:53.0044 5808  ============================================================
09:58:53.0216 5808  ================ Scan system memory ========================
09:58:53.0216 5808  System memory - ok
09:58:53.0216 5808  ================ Scan services =============================
09:58:53.0263 5808  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
09:58:53.0403 5808  1394ohci - ok
09:58:53.0403 5808  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
09:58:53.0434 5808  ACPI - ok
09:58:53.0434 5808  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
09:58:53.0465 5808  AcpiPmi - ok
09:58:53.0465 5808  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:58:53.0481 5808  AdobeARMservice - ok
09:58:53.0512 5808  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:58:53.0528 5808  AdobeFlashPlayerUpdateSvc - ok
09:58:53.0543 5808  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
09:58:53.0559 5808  adp94xx - ok
09:58:53.0575 5808  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
09:58:53.0590 5808  adpahci - ok
09:58:53.0590 5808  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
09:58:53.0606 5808  adpu320 - ok
09:58:53.0621 5808  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
09:58:53.0699 5808  AeLookupSvc - ok
09:58:53.0715 5808  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
09:58:53.0746 5808  AFD - ok
09:58:53.0746 5808  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
09:58:53.0762 5808  agp440 - ok
09:58:53.0762 5808  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
09:58:53.0777 5808  ALG - ok
09:58:53.0793 5808  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
09:58:53.0793 5808  aliide - ok
09:58:53.0809 5808  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
09:58:53.0809 5808  amdide - ok
09:58:53.0824 5808  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
09:58:53.0840 5808  AmdK8 - ok
09:58:53.0840 5808  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
09:58:53.0855 5808  AmdPPM - ok
09:58:53.0855 5808  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
09:58:53.0871 5808  amdsata - ok
09:58:53.0887 5808  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
09:58:53.0902 5808  amdsbs - ok
09:58:53.0902 5808  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
09:58:53.0918 5808  amdxata - ok
09:58:53.0918 5808  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
09:58:53.0965 5808  AppID - ok
09:58:53.0965 5808  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
09:58:54.0011 5808  AppIDSvc - ok
09:58:54.0011 5808  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
09:58:54.0058 5808  Appinfo - ok
09:58:54.0058 5808  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
09:58:54.0074 5808  arc - ok
09:58:54.0074 5808  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
09:58:54.0089 5808  arcsas - ok
09:58:54.0089 5808  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
09:58:54.0136 5808  AsyncMac - ok
09:58:54.0136 5808  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
09:58:54.0152 5808  atapi - ok
09:58:54.0167 5808  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
09:58:54.0214 5808  AudioEndpointBuilder - ok
09:58:54.0214 5808  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
09:58:54.0261 5808  AudioSrv - ok
09:58:54.0292 5808  [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
09:58:54.0339 5808  AVKProxy - ok
09:58:54.0339 5808  [ 68F93849B4197243E8454E704B063F9B ] AVKService      C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
09:58:54.0370 5808  AVKService - ok
09:58:54.0386 5808  [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl         C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
09:58:54.0511 5808  AVKWCtl - ok
09:58:54.0511 5808  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
09:58:54.0557 5808  AxInstSV - ok
09:58:54.0557 5808  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
09:58:54.0589 5808  b06bdrv - ok
09:58:54.0589 5808  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
09:58:54.0620 5808  b57nd60a - ok
09:58:54.0620 5808  [ 243F23ADE77160AC776370FBAAB7CAC4 ] BBService       C:\Program Files (x86)\BrytonBridge\BBService.exe
09:58:54.0635 5808  BBService ( UnsignedFile.Multi.Generic ) - warning
09:58:54.0635 5808  BBService - detected UnsignedFile.Multi.Generic (1)
09:58:54.0635 5808  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
09:58:54.0651 5808  BDESVC - ok
09:58:54.0667 5808  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
09:58:54.0698 5808  Beep - ok
09:58:54.0713 5808  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
09:58:54.0760 5808  BFE - ok
09:58:54.0776 5808  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
09:58:54.0823 5808  BITS - ok
09:58:54.0838 5808  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
09:58:54.0854 5808  blbdrive - ok
09:58:54.0854 5808  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
09:58:54.0869 5808  bowser - ok
09:58:54.0869 5808  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
09:58:54.0885 5808  BrFiltLo - ok
09:58:54.0901 5808  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
09:58:54.0916 5808  BrFiltUp - ok
09:58:54.0926 5808  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
09:58:54.0946 5808  Browser - ok
09:58:54.0946 5808  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
09:58:54.0976 5808  Brserid - ok
09:58:54.0976 5808  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
09:58:54.0996 5808  BrSerWdm - ok
09:58:54.0996 5808  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
09:58:55.0016 5808  BrUsbMdm - ok
09:58:55.0016 5808  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
09:58:55.0036 5808  BrUsbSer - ok
09:58:55.0036 5808  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
09:58:55.0056 5808  BTHMODEM - ok
09:58:55.0066 5808  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\windows\system32\Drivers\BTHport.sys
09:58:55.0096 5808  BTHPORT - ok
09:58:55.0106 5808  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
09:58:55.0136 5808  bthserv - ok
09:58:55.0146 5808  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\system32\Drivers\BTHUSB.sys
09:58:55.0166 5808  BTHUSB - ok
09:58:55.0176 5808  [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf          C:\windows\system32\DRIVERS\btmhsf.sys
09:58:55.0196 5808  btmhsf - ok
09:58:55.0196 5808  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
09:58:55.0236 5808  cdfs - ok
09:58:55.0246 5808  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
09:58:55.0286 5808  cdrom - ok
09:58:55.0286 5808  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
09:58:55.0326 5808  CertPropSvc - ok
09:58:55.0336 5808  [ B641F0302D444EB94509CFD998CF9FD8 ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
09:58:55.0356 5808  cfWiMAXService - ok
09:58:55.0356 5808  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
09:58:55.0376 5808  circlass - ok
09:58:55.0386 5808  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
09:58:55.0406 5808  CLFS - ok
09:58:55.0416 5808  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:58:55.0426 5808  clr_optimization_v2.0.50727_32 - ok
09:58:55.0436 5808  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:58:55.0456 5808  clr_optimization_v2.0.50727_64 - ok
09:58:55.0466 5808  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:58:55.0486 5808  clr_optimization_v4.0.30319_32 - ok
09:58:55.0496 5808  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:58:55.0506 5808  clr_optimization_v4.0.30319_64 - ok
09:58:55.0516 5808  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
09:58:55.0526 5808  CmBatt - ok
09:58:55.0536 5808  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
09:58:55.0546 5808  cmdide - ok
09:58:55.0556 5808  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
09:58:55.0586 5808  CNG - ok
09:58:55.0586 5808  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
09:58:55.0606 5808  Compbatt - ok
09:58:55.0606 5808  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
09:58:55.0626 5808  CompositeBus - ok
09:58:55.0636 5808  COMSysApp - ok
09:58:55.0636 5808  [ 1263760C5F62674934C709C3EC31869D ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
09:58:55.0646 5808  ConfigFree Service - ok
09:58:55.0656 5808  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
09:58:55.0666 5808  crcdisk - ok
09:58:55.0676 5808  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
09:58:55.0706 5808  CryptSvc - ok
09:58:55.0716 5808  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
09:58:55.0766 5808  DcomLaunch - ok
09:58:55.0776 5808  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
09:58:55.0816 5808  defragsvc - ok
09:58:55.0826 5808  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
09:58:55.0866 5808  DfsC - ok
09:58:55.0876 5808  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
09:58:55.0896 5808  Dhcp - ok
09:58:55.0906 5808  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
09:58:55.0946 5808  discache - ok
09:58:55.0946 5808  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
09:58:55.0966 5808  Disk - ok
09:58:55.0966 5808  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
09:58:55.0986 5808  Dnscache - ok
09:58:55.0996 5808  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
09:58:56.0036 5808  dot3svc - ok
09:58:56.0046 5808  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
09:58:56.0086 5808  DPS - ok
09:58:56.0086 5808  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
09:58:56.0106 5808  drmkaud - ok
09:58:56.0116 5808  [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
09:58:56.0156 5808  DXGKrnl - ok
09:58:56.0166 5808  [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress      C:\windows\system32\DRIVERS\e1c62x64.sys
09:58:56.0186 5808  e1cexpress - ok
09:58:56.0186 5808  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
09:58:56.0226 5808  EapHost - ok
09:58:56.0276 5808  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
09:58:56.0366 5808  ebdrv - ok
09:58:56.0366 5808  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
09:58:56.0386 5808  EFS - ok
09:58:56.0396 5808  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
09:58:56.0426 5808  ehRecvr - ok
09:58:56.0436 5808  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
09:58:56.0446 5808  ehSched - ok
09:58:56.0456 5808  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
09:58:56.0486 5808  elxstor - ok
09:58:56.0486 5808  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
09:58:56.0506 5808  ErrDev - ok
09:58:56.0516 5808  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
09:58:56.0566 5808  EventSystem - ok
09:58:56.0586 5808  [ 57E61DC4F7980D57C0B162FC5B9F0B38 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:58:56.0636 5808  EvtEng - ok
09:58:56.0636 5808  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
09:58:56.0676 5808  exfat - ok
09:58:56.0686 5808  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
09:58:56.0726 5808  fastfat - ok
09:58:56.0746 5808  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
09:58:56.0776 5808  Fax - ok
09:58:56.0776 5808  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
09:58:56.0796 5808  fdc - ok
09:58:56.0796 5808  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
09:58:56.0836 5808  fdPHost - ok
09:58:56.0836 5808  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
09:58:56.0876 5808  FDResPub - ok
09:58:56.0886 5808  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
09:58:56.0896 5808  FileInfo - ok
09:58:56.0906 5808  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
09:58:56.0946 5808  Filetrace - ok
09:58:56.0946 5808  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
09:58:56.0966 5808  flpydisk - ok
09:58:56.0966 5808  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
09:58:56.0997 5808  FltMgr - ok
09:58:57.0013 5808  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
09:58:57.0044 5808  FontCache - ok
09:58:57.0060 5808  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:58:57.0060 5808  FontCache3.0.0.0 - ok
09:58:57.0075 5808  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
09:58:57.0091 5808  FsDepends - ok
09:58:57.0091 5808  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
09:58:57.0107 5808  Fs_Rec - ok
09:58:57.0122 5808  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
09:58:57.0138 5808  fvevol - ok
09:58:57.0153 5808  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
09:58:57.0169 5808  gagp30kx - ok
09:58:57.0169 5808  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:58:57.0200 5808  GamesAppService - ok
09:58:57.0200 5808  [ DEC2DEB0025548EE434C2DBA68B771BC ] GDBehave        C:\windows\system32\drivers\GDBehave.sys
09:58:57.0216 5808  GDBehave - ok
09:58:57.0247 5808  [ 98024F808C6A12FA9160AEF9C8344FAB ] GDFwSvc         C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
09:58:57.0387 5808  GDFwSvc - ok
09:58:57.0387 5808  [ C91D9D7338AD7E6D0CC707828E90203F ] GDMnIcpt        C:\windows\system32\drivers\MiniIcpt.sys
09:58:57.0419 5808  GDMnIcpt - ok
09:58:57.0419 5808  [ D826B9C59DE0B310C9E560763560D8F9 ] GdNetMon        C:\windows\system32\drivers\GdNetMon64.sys
09:58:57.0434 5808  GdNetMon - ok
09:58:57.0450 5808  [ B6F4C60CF97E823F2874FF9FEF4CC89B ] GDPkIcpt        C:\windows\system32\drivers\PktIcpt.sys
09:58:57.0465 5808  GDPkIcpt - ok
09:58:57.0481 5808  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
09:58:57.0497 5808  GDScan - ok
09:58:57.0512 5808  [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd         C:\windows\system32\drivers\gdwfpcd64.sys
09:58:57.0528 5808  gdwfpcd - ok
09:58:57.0543 5808  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
09:58:57.0606 5808  gpsvc - ok
09:58:57.0606 5808  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\windows\system32\drivers\GRD.sys
09:58:57.0621 5808  GRD - ok
09:58:57.0637 5808  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
09:58:57.0653 5808  hcw85cir - ok
09:58:57.0653 5808  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
09:58:57.0684 5808  HdAudAddService - ok
09:58:57.0699 5808  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
09:58:57.0715 5808  HDAudBus - ok
09:58:57.0731 5808  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
09:58:57.0746 5808  HidBatt - ok
09:58:57.0762 5808  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
09:58:57.0777 5808  HidBth - ok
09:58:57.0777 5808  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
09:58:57.0809 5808  HidIr - ok
09:58:57.0809 5808  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
09:58:57.0855 5808  hidserv - ok
09:58:57.0871 5808  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
09:58:57.0887 5808  HidUsb - ok
09:58:57.0887 5808  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
09:58:57.0933 5808  hkmsvc - ok
09:58:57.0949 5808  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
09:58:57.0965 5808  HomeGroupListener - ok
09:58:57.0980 5808  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
09:58:58.0011 5808  HomeGroupProvider - ok
09:58:58.0011 5808  [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre      C:\windows\system32\drivers\HookCentre.sys
09:58:58.0043 5808  HookCentre - ok
09:58:58.0043 5808  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
09:58:58.0058 5808  HpSAMD - ok
09:58:58.0074 5808  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
09:58:58.0136 5808  HTTP - ok
09:58:58.0136 5808  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
09:58:58.0152 5808  hwpolicy - ok
09:58:58.0152 5808  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
09:58:58.0183 5808  i8042prt - ok
09:58:58.0183 5808  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
09:58:58.0214 5808  iaStor - ok
09:58:58.0214 5808  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
09:58:58.0245 5808  iaStorV - ok
09:58:58.0245 5808  [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex      C:\windows\system32\DRIVERS\iBtFltCoex.sys
09:58:58.0261 5808  iBtFltCoex - ok
09:58:58.0277 5808  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:58:58.0323 5808  idsvc - ok
09:58:58.0479 5808  [ 0D1B8C64BDF0E5CDC523A1409FFB5EF0 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
09:58:58.0776 5808  igfx - ok
09:58:58.0791 5808  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
09:58:58.0807 5808  iirsp - ok
09:58:58.0823 5808  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
09:58:58.0885 5808  IKEEXT - ok
09:58:58.0885 5808  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
09:58:58.0901 5808  intaud_WaveExtensible - ok
09:58:58.0947 5808  [ 254FAAE42AFC641C0BE628DE123EA9DE ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
09:58:59.0041 5808  IntcAzAudAddService - ok
09:58:59.0041 5808  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
09:58:59.0072 5808  IntcDAud - ok
09:58:59.0072 5808  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
09:58:59.0088 5808  intelide - ok
09:58:59.0103 5808  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
09:58:59.0119 5808  intelppm - ok
09:58:59.0119 5808  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
09:58:59.0181 5808  IPBusEnum - ok
09:58:59.0181 5808  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
09:58:59.0228 5808  IpFilterDriver - ok
09:58:59.0244 5808  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
09:58:59.0275 5808  iphlpsvc - ok
09:58:59.0275 5808  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
09:58:59.0291 5808  IPMIDRV - ok
09:58:59.0306 5808  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
09:58:59.0353 5808  IPNAT - ok
09:58:59.0353 5808  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
09:58:59.0369 5808  IRENUM - ok
09:58:59.0369 5808  irstrtsv - ok
09:58:59.0384 5808  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
09:58:59.0400 5808  isapnp - ok
09:58:59.0400 5808  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
09:58:59.0431 5808  iScsiPrt - ok
09:58:59.0431 5808  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\windows\system32\DRIVERS\iwdbus.sys
09:58:59.0447 5808  iwdbus - ok
09:58:59.0447 5808  [ 8112496F91A80D9EEE8442D61CDF07D7 ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
09:58:59.0462 5808  jhi_service - ok
09:58:59.0478 5808  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
09:58:59.0478 5808  kbdclass - ok
09:58:59.0493 5808  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
09:58:59.0509 5808  kbdhid - ok
09:58:59.0509 5808  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
09:58:59.0525 5808  KeyIso - ok
09:58:59.0525 5808  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
09:58:59.0540 5808  KSecDD - ok
09:58:59.0540 5808  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
09:58:59.0571 5808  KSecPkg - ok
09:58:59.0571 5808  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
09:58:59.0603 5808  ksthunk - ok
09:58:59.0618 5808  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
09:58:59.0665 5808  KtmRm - ok
09:58:59.0665 5808  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
09:58:59.0712 5808  LanmanServer - ok
09:58:59.0712 5808  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
09:58:59.0759 5808  LanmanWorkstation - ok
09:58:59.0759 5808  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
09:58:59.0805 5808  lltdio - ok
09:58:59.0805 5808  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
09:58:59.0852 5808  lltdsvc - ok
09:58:59.0852 5808  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
09:58:59.0899 5808  lmhosts - ok
09:58:59.0899 5808  [ 5495EB40DF7061059C57F0DEFDBD72A1 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:58:59.0915 5808  LMS - ok
09:58:59.0930 5808  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
09:58:59.0946 5808  LSI_FC - ok
09:58:59.0946 5808  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
09:58:59.0961 5808  LSI_SAS - ok
09:58:59.0977 5808  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
09:58:59.0977 5808  LSI_SAS2 - ok
09:58:59.0993 5808  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
09:59:00.0008 5808  LSI_SCSI - ok
09:59:00.0008 5808  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
09:59:00.0039 5808  luafv - ok
09:59:00.0055 5808  [ FAA4F845D478F4CEDF95981AFF859712 ] massfilter      C:\windows\system32\drivers\massfilter.sys
09:59:00.0071 5808  massfilter - ok
09:59:00.0071 5808  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
09:59:00.0102 5808  MBAMProtector - ok
09:59:00.0102 5808  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:59:00.0133 5808  MBAMScheduler - ok
09:59:00.0133 5808  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:59:00.0164 5808  MBAMService - ok
09:59:00.0164 5808  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
09:59:00.0180 5808  Mcx2Svc - ok
09:59:00.0195 5808  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
09:59:00.0211 5808  megasas - ok
09:59:00.0211 5808  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
09:59:00.0227 5808  MegaSR - ok
09:59:00.0242 5808  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
09:59:00.0242 5808  MEIx64 - ok
09:59:00.0258 5808  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
09:59:00.0289 5808  MMCSS - ok
09:59:00.0289 5808  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
09:59:00.0336 5808  Modem - ok
09:59:00.0336 5808  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
09:59:00.0351 5808  monitor - ok
09:59:00.0351 5808  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
09:59:00.0367 5808  mouclass - ok
09:59:00.0383 5808  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
09:59:00.0398 5808  mouhid - ok
09:59:00.0398 5808  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
09:59:00.0414 5808  mountmgr - ok
09:59:00.0414 5808  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:59:00.0429 5808  MozillaMaintenance - ok
09:59:00.0445 5808  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
09:59:00.0461 5808  mpio - ok
09:59:00.0461 5808  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
09:59:00.0492 5808  mpsdrv - ok
09:59:00.0507 5808  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
09:59:00.0570 5808  MpsSvc - ok
09:59:00.0570 5808  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
09:59:00.0585 5808  MRxDAV - ok
09:59:00.0601 5808  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
09:59:00.0632 5808  mrxsmb - ok
09:59:00.0632 5808  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
09:59:00.0648 5808  mrxsmb10 - ok
09:59:00.0663 5808  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
09:59:00.0679 5808  mrxsmb20 - ok
09:59:00.0679 5808  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
09:59:00.0695 5808  msahci - ok
09:59:00.0695 5808  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
09:59:00.0710 5808  msdsm - ok
09:59:00.0726 5808  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
09:59:00.0741 5808  MSDTC - ok
09:59:00.0741 5808  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
09:59:00.0788 5808  Msfs - ok
09:59:00.0788 5808  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
09:59:00.0835 5808  mshidkmdf - ok
09:59:00.0835 5808  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
09:59:00.0851 5808  msisadrv - ok
09:59:00.0851 5808  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
09:59:00.0897 5808  MSiSCSI - ok
09:59:00.0897 5808  msiserver - ok
09:59:00.0897 5808  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
09:59:00.0944 5808  MSKSSRV - ok
09:59:00.0960 5808  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
09:59:00.0991 5808  MSPCLOCK - ok
09:59:00.0991 5808  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
09:59:01.0038 5808  MSPQM - ok
09:59:01.0038 5808  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
09:59:01.0069 5808  MsRPC - ok
09:59:01.0069 5808  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
09:59:01.0085 5808  mssmbios - ok
09:59:01.0085 5808  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
09:59:01.0131 5808  MSTEE - ok
09:59:01.0131 5808  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
09:59:01.0147 5808  MTConfig - ok
09:59:01.0147 5808  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
09:59:01.0163 5808  Mup - ok
09:59:01.0178 5808  [ 50B99D53BC013458381C6476D790C9F3 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:59:01.0194 5808  MyWiFiDHCPDNS - ok
09:59:01.0209 5808  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
09:59:01.0256 5808  napagent - ok
09:59:01.0256 5808  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
09:59:01.0287 5808  NativeWifiP - ok
09:59:01.0303 5808  [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
09:59:01.0319 5808  NAUpdate - ok
09:59:01.0334 5808  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
09:59:01.0365 5808  NDIS - ok
09:59:01.0381 5808  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
09:59:01.0412 5808  NdisCap - ok
09:59:01.0428 5808  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
09:59:01.0459 5808  NdisTapi - ok
09:59:01.0459 5808  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
09:59:01.0506 5808  Ndisuio - ok
09:59:01.0506 5808  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
09:59:01.0537 5808  NdisWan - ok
09:59:01.0553 5808  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
09:59:01.0584 5808  NDProxy - ok
09:59:01.0584 5808  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
09:59:01.0631 5808  NetBIOS - ok
09:59:01.0631 5808  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
09:59:01.0677 5808  NetBT - ok
09:59:01.0677 5808  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
09:59:01.0693 5808  Netlogon - ok
09:59:01.0709 5808  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
09:59:01.0740 5808  Netman - ok
09:59:01.0755 5808  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
09:59:01.0802 5808  netprofm - ok
09:59:01.0802 5808  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:59:01.0818 5808  NetTcpPortSharing - ok
09:59:01.0927 5808  [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
09:59:02.0114 5808  NETwNs64 - ok
09:59:02.0114 5808  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
09:59:02.0130 5808  nfrd960 - ok
09:59:02.0130 5808  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
09:59:02.0161 5808  NlaSvc - ok
09:59:02.0161 5808  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
09:59:02.0192 5808  Npfs - ok
09:59:02.0208 5808  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
09:59:02.0239 5808  nsi - ok
09:59:02.0239 5808  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
09:59:02.0286 5808  nsiproxy - ok
09:59:02.0301 5808  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
09:59:02.0364 5808  Ntfs - ok
09:59:02.0364 5808  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
09:59:02.0411 5808  Null - ok
09:59:02.0411 5808  [ 550BE6C46110B74C1ED7B156598D67AF ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
09:59:02.0426 5808  nusb3hub - ok
09:59:02.0426 5808  [ 17401C97DCF93F121B89B554D733B836 ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
09:59:02.0457 5808  nusb3xhc - ok
09:59:02.0457 5808  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
09:59:02.0473 5808  nvraid - ok
09:59:02.0489 5808  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
09:59:02.0504 5808  nvstor - ok
09:59:02.0504 5808  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
09:59:02.0520 5808  nv_agp - ok
09:59:02.0520 5808  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
09:59:02.0535 5808  ohci1394 - ok
09:59:02.0551 5808  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:59:02.0567 5808  ose - ok
09:59:02.0622 5808  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:59:02.0772 5808  osppsvc - ok
09:59:02.0772 5808  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
09:59:02.0802 5808  p2pimsvc - ok
09:59:02.0812 5808  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
09:59:02.0832 5808  p2psvc - ok
09:59:02.0832 5808  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
09:59:02.0852 5808  Parport - ok
09:59:02.0852 5808  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
09:59:02.0872 5808  partmgr - ok
09:59:02.0872 5808  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
09:59:02.0902 5808  PcaSvc - ok
09:59:02.0902 5808  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
09:59:02.0922 5808  pci - ok
09:59:02.0922 5808  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
09:59:02.0942 5808  pciide - ok
09:59:02.0942 5808  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
09:59:02.0962 5808  pcmcia - ok
09:59:02.0962 5808  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
09:59:02.0982 5808  pcw - ok
09:59:02.0992 5808  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
09:59:03.0042 5808  PEAUTH - ok
09:59:03.0062 5808  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
09:59:03.0082 5808  PerfHost - ok
09:59:03.0092 5808  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
09:59:03.0102 5808  PGEffect - ok
09:59:03.0122 5808  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
09:59:03.0182 5808  pla - ok
09:59:03.0192 5808  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
09:59:03.0212 5808  PlugPlay - ok
09:59:03.0222 5808  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
09:59:03.0232 5808  PNRPAutoReg - ok
09:59:03.0242 5808  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
09:59:03.0252 5808  PNRPsvc - ok
09:59:03.0262 5808  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
09:59:03.0312 5808  PolicyAgent - ok
09:59:03.0322 5808  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
09:59:03.0362 5808  Power - ok
09:59:03.0362 5808  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
09:59:03.0402 5808  PptpMiniport - ok
09:59:03.0412 5808  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
09:59:03.0432 5808  Processor - ok
09:59:03.0432 5808  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
09:59:03.0452 5808  ProfSvc - ok
09:59:03.0462 5808  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:59:03.0472 5808  ProtectedStorage - ok
09:59:03.0482 5808  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
09:59:03.0522 5808  Psched - ok
09:59:03.0542 5808  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
09:59:03.0592 5808  ql2300 - ok
09:59:03.0602 5808  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
09:59:03.0612 5808  ql40xx - ok
09:59:03.0622 5808  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
09:59:03.0642 5808  QWAVE - ok
09:59:03.0652 5808  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
09:59:03.0672 5808  QWAVEdrv - ok
09:59:03.0672 5808  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
09:59:03.0712 5808  RasAcd - ok
09:59:03.0712 5808  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
09:59:03.0752 5808  RasAgileVpn - ok
09:59:03.0762 5808  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
09:59:03.0802 5808  RasAuto - ok
09:59:03.0802 5808  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
09:59:03.0842 5808  Rasl2tp - ok
09:59:03.0852 5808  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
09:59:03.0892 5808  RasMan - ok
09:59:03.0902 5808  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
09:59:03.0942 5808  RasPppoe - ok
09:59:03.0942 5808  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
09:59:03.0982 5808  RasSstp - ok
09:59:03.0992 5808  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
09:59:04.0032 5808  rdbss - ok
09:59:04.0042 5808  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
09:59:04.0062 5808  rdpbus - ok
09:59:04.0062 5808  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
09:59:04.0102 5808  RDPCDD - ok
09:59:04.0102 5808  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
09:59:04.0142 5808  RDPENCDD - ok
09:59:04.0152 5808  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
09:59:04.0192 5808  RDPREFMP - ok
09:59:04.0192 5808  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
09:59:04.0222 5808  RDPWD - ok
09:59:04.0222 5808  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
09:59:04.0242 5808  rdyboost - ok
09:59:04.0262 5808  [ 18505D90FEE940EE9EAE4C5B421F22B4 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:59:04.0292 5808  RegSrvc - ok
09:59:04.0292 5808  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
09:59:04.0332 5808  RemoteAccess - ok
09:59:04.0342 5808  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
09:59:04.0382 5808  RemoteRegistry - ok
09:59:04.0392 5808  [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc          C:\windows\system32\DRIVERS\risdxc64.sys
09:59:04.0412 5808  risdxc - ok
09:59:04.0412 5808  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\windows\system32\Drivers\RootMdm.sys
09:59:04.0452 5808  ROOTMODEM - ok
09:59:04.0462 5808  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
09:59:04.0502 5808  RpcEptMapper - ok
09:59:04.0502 5808  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
09:59:04.0522 5808  RpcLocator - ok
09:59:04.0532 5808  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
09:59:04.0572 5808  RpcSs - ok
09:59:04.0582 5808  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
09:59:04.0622 5808  rspndr - ok
09:59:04.0622 5808  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
09:59:04.0632 5808  SamSs - ok
09:59:04.0642 5808  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
09:59:04.0652 5808  sbp2port - ok
09:59:04.0662 5808  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
09:59:04.0702 5808  SCardSvr - ok
09:59:04.0712 5808  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
09:59:04.0752 5808  scfilter - ok
09:59:04.0762 5808  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
09:59:04.0822 5808  Schedule - ok
09:59:04.0822 5808  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
09:59:04.0862 5808  SCPolicySvc - ok
09:59:04.0872 5808  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
09:59:04.0892 5808  SDRSVC - ok
09:59:04.0892 5808  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
09:59:04.0932 5808  secdrv - ok
09:59:04.0932 5808  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
09:59:04.0972 5808  seclogon - ok
09:59:04.0982 5808  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
09:59:05.0012 5808  SENS - ok
09:59:05.0022 5808  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
09:59:05.0042 5808  SensrSvc - ok
09:59:05.0042 5808  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
09:59:05.0062 5808  Serenum - ok
09:59:05.0062 5808  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
09:59:05.0082 5808  Serial - ok
09:59:05.0082 5808  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
09:59:05.0102 5808  sermouse - ok
09:59:05.0112 5808  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
09:59:05.0152 5808  SessionEnv - ok
09:59:05.0152 5808  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
09:59:05.0172 5808  sffdisk - ok
09:59:05.0182 5808  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
09:59:05.0192 5808  sffp_mmc - ok
09:59:05.0202 5808  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
09:59:05.0222 5808  sffp_sd - ok
09:59:05.0222 5808  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
09:59:05.0242 5808  sfloppy - ok
09:59:05.0242 5808  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
09:59:05.0292 5808  SharedAccess - ok
09:59:05.0302 5808  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:59:05.0342 5808  ShellHWDetection - ok
09:59:05.0342 5808  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
09:59:05.0362 5808  SiSRaid2 - ok
09:59:05.0372 5808  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
09:59:05.0382 5808  SiSRaid4 - ok
09:59:05.0392 5808  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:59:05.0402 5808  SkypeUpdate - ok
09:59:05.0412 5808  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
09:59:05.0452 5808  Smb - ok
09:59:05.0462 5808  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
09:59:05.0472 5808  SNMPTRAP - ok
09:59:05.0482 5808  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
09:59:05.0492 5808  spldr - ok
09:59:05.0502 5808  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
09:59:05.0532 5808  Spooler - ok
09:59:05.0572 5808  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
09:59:05.0662 5808  sppsvc - ok
09:59:05.0672 5808  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
09:59:05.0712 5808  sppuinotify - ok
09:59:05.0722 5808  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
09:59:05.0742 5808  srv - ok
09:59:05.0752 5808  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
09:59:05.0772 5808  srv2 - ok
09:59:05.0782 5808  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
09:59:05.0802 5808  srvnet - ok
09:59:05.0812 5808  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
09:59:05.0852 5808  SSDPSRV - ok
09:59:05.0852 5808  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
09:59:05.0892 5808  SstpSvc - ok
09:59:05.0892 5808  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
09:59:05.0912 5808  stexstor - ok
09:59:05.0922 5808  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
09:59:05.0952 5808  stisvc - ok
09:59:05.0952 5808  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
09:59:05.0962 5808  swenum - ok
09:59:05.0972 5808  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
09:59:06.0022 5808  swprv - ok
09:59:06.0042 5808  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
09:59:06.0092 5808  SynTP - ok
09:59:06.0112 5808  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
09:59:06.0162 5808  SysMain - ok
09:59:06.0162 5808  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
09:59:06.0182 5808  TabletInputService - ok
09:59:06.0192 5808  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
09:59:06.0242 5808  TapiSrv - ok
09:59:06.0242 5808  [ 048CFE7569D6ADCAB9349BB1A566A79E ] tbhsd           C:\windows\system32\drivers\tbhsd.sys
09:59:06.0262 5808  tbhsd - ok
09:59:06.0262 5808  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
09:59:06.0302 5808  TBS - ok
09:59:06.0332 5808  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
09:59:06.0422 5808  Tcpip - ok
09:59:06.0452 5808  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
09:59:06.0492 5808  TCPIP6 - ok
09:59:06.0502 5808  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
09:59:06.0512 5808  tcpipreg - ok
09:59:06.0522 5808  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
09:59:06.0542 5808  tdcmdpst - ok
09:59:06.0542 5808  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
09:59:06.0552 5808  TDPIPE - ok
09:59:06.0562 5808  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
09:59:06.0572 5808  TDTCP - ok
09:59:06.0582 5808  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
09:59:06.0622 5808  tdx - ok
09:59:06.0632 5808  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
09:59:06.0642 5808  TemproMonitoringService - ok
09:59:06.0642 5808  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
09:59:06.0662 5808  TermDD - ok
09:59:06.0672 5808  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
09:59:06.0722 5808  TermService - ok
09:59:06.0722 5808  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
09:59:06.0742 5808  Themes - ok
09:59:06.0752 5808  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
09:59:06.0782 5808  THREADORDER - ok
09:59:06.0792 5808  [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
09:59:06.0802 5808  TMachInfo - ok
09:59:06.0812 5808  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\windows\system32\TODDSrv.exe
09:59:06.0822 5808  TODDSrv - ok
09:59:06.0842 5808  [ 6CDFED6845A29111E8AE1806196CDA2A ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
09:59:06.0862 5808  TosCoSrv - ok
09:59:06.0872 5808  [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
09:59:06.0882 5808  TOSHIBA Bluetooth Service - ok
09:59:06.0892 5808  [ 641387237B7AB2027E8FD810B8A63282 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
09:59:06.0912 5808  TOSHIBA eco Utility Service - ok
09:59:06.0922 5808  [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
09:59:06.0932 5808  TOSHIBA HDD SSD Alert Service - ok
09:59:06.0932 5808  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\windows\system32\DRIVERS\tosporte.sys
09:59:06.0952 5808  tosporte - ok
09:59:06.0952 5808  [ C42E95FCFEE5F7BA381BFE54DA8EEB3D ] tosrfbd         C:\windows\system32\DRIVERS\tosrfbd.sys
09:59:06.0972 5808  tosrfbd - ok
09:59:06.0982 5808  [ 90F0B1745ABF13F44C2A6ED79F7CE9FB ] tosrfbnp        C:\windows\system32\Drivers\tosrfbnp.sys
09:59:06.0992 5808  tosrfbnp - ok
09:59:07.0002 5808  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\windows\system32\Drivers\tosrfcom.sys
09:59:07.0012 5808  Tosrfcom - ok
09:59:07.0012 5808  [ A4DDAD3BF13F370EC392BE243E334EBA ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys
09:59:07.0032 5808  tosrfec - ok
09:59:07.0032 5808  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\windows\system32\DRIVERS\Tosrfhid.sys
09:59:07.0042 5808  Tosrfhid - ok
09:59:07.0052 5808  [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds        C:\windows\system32\DRIVERS\tosrfnds.sys
09:59:07.0062 5808  tosrfnds - ok
09:59:07.0062 5808  [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd        C:\windows\system32\drivers\tosrfsnd.sys
09:59:07.0082 5808  TosRfSnd - ok
09:59:07.0082 5808  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\windows\system32\DRIVERS\tosrfusb.sys
09:59:07.0102 5808  Tosrfusb - ok
09:59:07.0112 5808  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
09:59:07.0132 5808  tos_sps64 - ok
09:59:07.0142 5808  [ 37521A8DF30A306CFC16326120ED09FB ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
09:59:07.0172 5808  TPCHSrv - ok
09:59:07.0182 5808  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
09:59:07.0222 5808  TrkWks - ok
09:59:07.0222 5808  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:59:07.0262 5808  TrustedInstaller - ok
09:59:07.0272 5808  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
09:59:07.0312 5808  tssecsrv - ok
09:59:07.0312 5808  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
09:59:07.0332 5808  TsUsbFlt - ok
09:59:07.0332 5808  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
09:59:07.0352 5808  TsUsbGD - ok
09:59:07.0382 5808  [ 50D8102EECC446F160C8C31AF927242D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
09:59:07.0452 5808  TuneUp.UtilitiesSvc - ok
09:59:07.0452 5808  [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
09:59:07.0462 5808  TuneUpUtilitiesDrv - ok
09:59:07.0472 5808  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
09:59:07.0512 5808  tunnel - ok
09:59:07.0512 5808  [ EFFCE6E033EBDD0F3C0F14A413558F65 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ.SYS
09:59:07.0532 5808  TVALZ - ok
09:59:07.0532 5808  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
09:59:07.0542 5808  TVALZFL - ok
09:59:07.0552 5808  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
09:59:07.0562 5808  uagp35 - ok
09:59:07.0572 5808  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
09:59:07.0612 5808  udfs - ok
09:59:07.0632 5808  [ A447361E6156AFEF47A42AE9E89B2BB3 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
09:59:07.0642 5808  UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
09:59:07.0642 5808  UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
09:59:07.0652 5808  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
09:59:07.0662 5808  UI0Detect - ok
09:59:07.0672 5808  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
09:59:07.0682 5808  uliagpkx - ok
09:59:07.0692 5808  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
09:59:07.0702 5808  umbus - ok
09:59:07.0712 5808  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
09:59:07.0722 5808  UmPass - ok
09:59:07.0762 5808  [ D329A1589257FB671338E8CDBC6CB6DB ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:59:07.0832 5808  UNS - ok
09:59:07.0842 5808  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
09:59:07.0882 5808  upnphost - ok
09:59:07.0882 5808  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
09:59:07.0902 5808  usbccgp - ok
09:59:07.0912 5808  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
09:59:07.0932 5808  usbcir - ok
09:59:07.0932 5808  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
09:59:07.0952 5808  usbehci - ok
09:59:07.0962 5808  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
09:59:07.0982 5808  usbhub - ok
09:59:07.0982 5808  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
09:59:08.0002 5808  usbohci - ok
09:59:08.0002 5808  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
09:59:08.0022 5808  usbprint - ok
09:59:08.0022 5808  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
09:59:08.0042 5808  usbscan - ok
09:59:08.0052 5808  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
09:59:08.0072 5808  USBSTOR - ok
09:59:08.0072 5808  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
09:59:08.0082 5808  usbuhci - ok
09:59:08.0092 5808  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
09:59:08.0112 5808  usbvideo - ok
09:59:08.0122 5808  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
09:59:08.0152 5808  UxSms - ok
09:59:08.0162 5808  [ CC3A994F4733FF4CD8CAF09DF892E61C ] UxTuneUp        C:\windows\System32\uxtuneup.dll
09:59:08.0182 5808  UxTuneUp - ok
09:59:08.0182 5808  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
09:59:08.0202 5808  VaultSvc - ok
09:59:08.0202 5808  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
09:59:08.0212 5808  vdrvroot - ok
09:59:08.0232 5808  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
09:59:08.0272 5808  vds - ok
09:59:08.0282 5808  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
09:59:08.0292 5808  vga - ok
09:59:08.0302 5808  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
09:59:08.0342 5808  VgaSave - ok
09:59:08.0342 5808  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
09:59:08.0362 5808  vhdmp - ok
09:59:08.0362 5808  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
09:59:08.0382 5808  viaide - ok
09:59:08.0382 5808  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
09:59:08.0402 5808  volmgr - ok
09:59:08.0402 5808  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
09:59:08.0432 5808  volmgrx - ok
09:59:08.0432 5808  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
09:59:08.0452 5808  volsnap - ok
09:59:08.0462 5808  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
09:59:08.0482 5808  vsmraid - ok
09:59:08.0502 5808  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
09:59:08.0562 5808  VSS - ok
09:59:08.0572 5808  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
09:59:08.0592 5808  vwifibus - ok
09:59:08.0592 5808  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
09:59:08.0612 5808  vwififlt - ok
09:59:08.0622 5808  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
09:59:08.0632 5808  vwifimp - ok
09:59:08.0652 5808  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
09:59:08.0692 5808  W32Time - ok
09:59:08.0702 5808  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
09:59:08.0722 5808  WacomPen - ok
09:59:08.0732 5808  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
09:59:08.0772 5808  WANARP - ok
09:59:08.0772 5808  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
09:59:08.0812 5808  Wanarpv6 - ok
09:59:08.0832 5808  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
09:59:08.0882 5808  WatAdminSvc - ok
09:59:08.0902 5808  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
09:59:08.0942 5808  wbengine - ok
09:59:08.0952 5808  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
09:59:08.0972 5808  WbioSrvc - ok
09:59:08.0982 5808  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
09:59:09.0002 5808  wcncsvc - ok
09:59:09.0012 5808  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:59:09.0022 5808  WcsPlugInService - ok
09:59:09.0032 5808  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
09:59:09.0042 5808  Wd - ok
09:59:09.0052 5808  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
09:59:09.0092 5808  Wdf01000 - ok
09:59:09.0092 5808  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
09:59:09.0132 5808  WdiServiceHost - ok
09:59:09.0142 5808  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
09:59:09.0162 5808  WdiSystemHost - ok
09:59:09.0162 5808  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
09:59:09.0192 5808  WebClient - ok
09:59:09.0202 5808  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
09:59:09.0242 5808  Wecsvc - ok
09:59:09.0252 5808  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
09:59:09.0292 5808  wercplsupport - ok
09:59:09.0292 5808  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
09:59:09.0332 5808  WerSvc - ok
09:59:09.0342 5808  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
09:59:09.0382 5808  WfpLwf - ok
09:59:09.0382 5808  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
09:59:09.0402 5808  WIMMount - ok
09:59:09.0402 5808  WinDefend - ok
09:59:09.0412 5808  WinHttpAutoProxySvc - ok
09:59:09.0422 5808  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
09:59:09.0462 5808  Winmgmt - ok
09:59:09.0482 5808  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
09:59:09.0552 5808  WinRM - ok
09:59:09.0562 5808  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
09:59:09.0582 5808  WinUsb - ok
09:59:09.0592 5808  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
09:59:09.0632 5808  Wlansvc - ok
09:59:09.0632 5808  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:59:09.0642 5808  wlcrasvc - ok
09:59:09.0672 5808  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:59:09.0742 5808  wlidsvc - ok
09:59:09.0752 5808  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
09:59:09.0762 5808  WmiAcpi - ok
09:59:09.0772 5808  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
09:59:09.0792 5808  wmiApSrv - ok
09:59:09.0792 5808  WMPNetworkSvc - ok
09:59:09.0802 5808  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
09:59:09.0812 5808  WPCSvc - ok
09:59:09.0822 5808  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
09:59:09.0842 5808  WPDBusEnum - ok
09:59:09.0852 5808  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
09:59:09.0892 5808  ws2ifsl - ok
09:59:09.0892 5808  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
09:59:09.0912 5808  wscsvc - ok
09:59:09.0922 5808  WSearch - ok
09:59:09.0952 5808  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
09:59:10.0012 5808  wuauserv - ok
09:59:10.0022 5808  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
09:59:10.0032 5808  WudfPf - ok
09:59:10.0042 5808  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
09:59:10.0062 5808  WUDFRd - ok
09:59:10.0062 5808  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
09:59:10.0082 5808  wudfsvc - ok
09:59:10.0092 5808  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
09:59:10.0112 5808  WwanSvc - ok
09:59:10.0122 5808  [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:59:10.0142 5808  ZTEusbmdm6k - ok
09:59:10.0152 5808  [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
09:59:10.0172 5808  ZTEusbnmea - ok
09:59:10.0182 5808  [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
09:59:10.0192 5808  ZTEusbser6k - ok
09:59:10.0212 5808  ================ Scan global ===============================
09:59:10.0212 5808  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:59:10.0222 5808  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:59:10.0222 5808  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:59:10.0232 5808  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:59:10.0242 5808  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:59:10.0242 5808  [Global] - ok
09:59:10.0242 5808  ================ Scan MBR ==================================
09:59:10.0252 5808  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
09:59:10.0382 5808  \Device\Harddisk0\DR0 - ok
09:59:10.0382 5808  ================ Scan VBR ==================================
09:59:10.0382 5808  [ 2316A532F8370518556363814826AC29 ] \Device\Harddisk0\DR0\Partition1
09:59:10.0382 5808  \Device\Harddisk0\DR0\Partition1 - ok
09:59:10.0382 5808  ============================================================
09:59:10.0382 5808  Scan finished
09:59:10.0382 5808  ============================================================
09:59:10.0392 7000  Detected object count: 2
09:59:10.0392 7000  Actual detected object count: 2
10:00:31.0932 7000  BBService ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:31.0932 7000  BBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:00:31.0932 7000  UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:00:31.0932 7000  UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Das Programm hatte 2 Funde - Jion Air gehört zu dem mobilen Internetstick
und das Bryton gehört zum GSP-Gerät - nur zur Info.

Alt 24.02.2013, 20:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Dann bitte jetzt CF ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.02.2013, 07:48   #9
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hi,

bitte nicht wundern - kann erst am Freitag antworten, da ich da erst wieder zu Hause bin und auch da erst wieder an den betroffenen Rechner komme.

Wünsche eine schöne Woche und sag mal bis Freitag.

Viele Grüße :-)

Alt 05.03.2013, 05:55   #10
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hallo,

hier nun endlich das Logfile von Combofix.

[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-04.01 - steffan 04.03.2013  19:35:37.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3997.2329 [GMT 1:00]
ausgeführt von:: c:\users\steffan\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-05 bis 2013-03-05  ))))))))))))))))))))))))))))))
.
.
2013-03-04 22:38 . 2013-03-04 22:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-04 18:33 . 2013-03-04 18:33	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{99E597CB-6313-49AC-90DA-7D188EF4C036}\offreg.dll
2013-03-03 23:19 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{99E597CB-6313-49AC-90DA-7D188EF4C036}\mpengine.dll
2013-02-21 18:35 . 2013-02-21 18:35	--------	d-----w-	c:\users\steffan\AppData\Roaming\Malwarebytes
2013-02-21 18:35 . 2013-02-21 18:35	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-21 18:35 . 2013-02-21 18:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-21 18:35 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-21 18:35 . 2013-02-21 18:35	--------	d-----w-	c:\users\steffan\AppData\Local\Programs
2013-02-21 17:31 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-21 17:31 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-21 17:31 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-20 16:14 . 2013-02-20 16:14	--------	d-----w-	c:\program files\DIFX
2013-02-15 06:55 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 06:55 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 06:41 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 06:41 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 06:41 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 06:41 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 06:41 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 06:41 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 06:41 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 06:41 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 06:41 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 19:54 . 2013-02-13 19:54	--------	d-----w-	c:\users\steffan\AppData\Roaming\XLMSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 13:17 . 2012-04-20 09:54	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 13:17 . 2012-03-23 13:20	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-21 20:24 . 2012-03-20 19:30	62368	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2013-02-21 17:50 . 2012-03-20 19:29	64416	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2013-02-21 17:50 . 2012-03-20 19:29	54176	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2013-02-21 17:50 . 2012-03-20 19:29	126880	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2013-02-21 17:50 . 2012-03-20 19:29	65008	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2013-02-15 06:57 . 2012-03-28 17:49	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-28 13:19 . 2012-10-14 13:41	35104	----a-w-	c:\windows\system32\TURegOpt.exe
2013-01-28 13:19 . 2012-12-19 19:28	37664	----a-w-	c:\windows\system32\uxtuneup.dll
2013-01-28 13:19 . 2012-12-19 19:28	29984	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2013-01-28 13:19 . 2012-10-14 13:41	26400	----a-w-	c:\windows\system32\authuitu.dll
2013-01-28 13:19 . 2012-10-14 13:41	21792	----a-w-	c:\windows\SysWow64\authuitu.dll
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-14 02:28 . 2013-01-14 02:28	47240	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2013-01-10 13:35 . 2012-05-21 10:05	11240	----a-w-	c:\windows\SysWow64\GdScrSv.de.dll
2013-01-04 04:43 . 2013-02-14 06:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-19 19:00 . 2012-12-19 19:00	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-19 19:00 . 2012-12-19 19:00	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-19 19:00 . 2011-10-16 20:29	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-12-16 17:11 . 2012-12-20 22:00	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 22:00	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:00	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 22:00	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 06:33	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 06:33	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 06:33	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 06:33	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 06:33	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 06:33	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 06:33	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 06:33	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 06:33	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 06:33	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 06:33	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 06:33	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 06:33	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 06:33	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 06:33	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 06:33	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 06:33	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 06:33	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 06:33	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 06:33	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 06:33	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 06:33	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 06:33	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 06:33	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 06:33	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 06:33	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 06:33	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 06:33	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 06:33	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 06:33	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 06:33	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 06:33	51712	----a-w-	c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-06-01 506712]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2009-08-31 132608]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"OpwareSE2"="c:\program files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-10 2750376]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-10-16 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"OPSE reminder"="c:\program files (x86)\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "c:\program files (x86)\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 BBService;Bryton Bridge Service;c:\program files (x86)\BrytonBridge\BBService.exe [2012-04-11 68096]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [2012-03-20 31608]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 12800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-28 1255736]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-02-21 54176]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-02-21 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-02-21 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-07-13 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-02-21 64416]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\system32\irstrtsv.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-07-21 212944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-08-23 294848]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-28 2402080]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-02-21 62368]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-28 92672]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-28 209408]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-08-10 833464]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 13:22]
.
2013-03-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-03-21 22:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-10 12856936]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-10-16 150992]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.ask.com/?l=dis&o=102808&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\steffan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BE97A388-03F9-4C7E-BCD5-31F2DB546D58}: NameServer = 212.23.115.148 212.23.97.2
FF - ProfilePath - c:\users\steffan\AppData\Roaming\Mozilla\Firefox\Profiles\wu8xgxv7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=
FF - ExtSQL: 2013-01-13 13:41; {819669ae-9ccd-4fde-acca-4a4428e8e5ed}; c:\users\steffan\AppData\Roaming\Mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\{819669ae-9ccd-4fde-acca-4a4428e8e5ed}
FF - ExtSQL: 2013-01-13 13:51; {dc572301-7619-498c-a57d-39143191b318}; c:\users\steffan\AppData\Roaming\Mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OywE5ckog&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 082c86a6000000000000000000000000
FF - user.js: extensions.incredibar_i.instlDay - 15422
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:37
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OywE5ckog
FF - user.js: extensions.incredibar_i.upn2n - 92261113783109152
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 20%5F3
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - (no file)
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Toolbar-Locked - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
WebBrowser-{F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-BatteryManager - c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-05  06:49:33
ComboFix-quarantined-files.txt  2013-03-05 05:49
.
Vor Suchlauf: 8 Verzeichnis(se), 52.975.202.304 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 52.599.152.640 Bytes frei
.
- - End Of File - - BCCDEC9E9CDA68E319494F05811CF594
         
--- --- ---


Viele Grüße

Alt 05.03.2013, 09:43   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.03.2013, 20:06   #12
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hi, hier nun die nächsten Loffiles.

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by steffan on 11.03.2013 at 20:33:52,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f9639e4a-801b-4843-aee3-03d9da199e77} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-317936193-2361039012-3725167726-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\incredibar.com
Successfully deleted: [Registry Key] hkey_local_machine\software\incredibar.com
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\i
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\ext\preapproved\forcerenive
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\steffan\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\steffan\AppData\Roaming\freecompressor"
Successfully deleted: [Folder] "C:\Users\steffan\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\steffan\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\steffan\appdata\local\freecompressor air"
Successfully deleted: [Folder] "C:\Users\steffan\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\steffan\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Users\steffan\appdata\locallow\thebflix"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\freecompressor"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thebflix"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\user.js
Successfully deleted: [File] C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\conduitcommon
Successfully deleted: [Folder] C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\ffxtlbr@incredibar.com
Successfully deleted: [Folder] C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\info@bflix.info
Successfully deleted the following from C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\prefs.js

user_pref("CT3192727..clientLogIsEnabled", false);
user_pref("CT3192727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT3192727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT3192727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT3192727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT3192727.BrowserCompStateIsOpen_130041081083652662", true);
user_pref("CT3192727.CTID", "CT3192727");
user_pref("CT3192727.CurrentServerDate", "16-2-2013");
user_pref("CT3192727.DSInstall", true);
user_pref("CT3192727.DialogsAlignMode", "LTR");
user_pref("CT3192727.DialogsGetterLastCheckTime", "Sat Feb 16 2013 12:52:36 GMT+0100");
user_pref("CT3192727.DownloadReferralCookieData", "");
user_pref("CT3192727.EMailNotifierPollDate", "Fri Mar 23 2012 15:46:59 GMT+0100");
user_pref("CT3192727.FirstServerDate", "23-3-2012");
user_pref("CT3192727.FirstTime", true);
user_pref("CT3192727.FirstTimeFF3", true);
user_pref("CT3192727.FixPageNotFoundErrors", true);
user_pref("CT3192727.GroupingServerCheckInterval", 1440);
user_pref("CT3192727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT3192727.HPInstall", true);
user_pref("CT3192727.HasUserGlobalKeys", true);
user_pref("CT3192727.HomePageProtectorEnabled", true);
user_pref("CT3192727.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=13");
user_pref("CT3192727.Initialize", true);
user_pref("CT3192727.InitializeCommonPrefs", true);
user_pref("CT3192727.InstallationAndCookieDataSentCount", 3);
user_pref("CT3192727.InstallationId", "ConduitNSISIntegration");
user_pref("CT3192727.InstallationType", "ConduitXPEIntegration");
user_pref("CT3192727.InstalledDate", "Fri Mar 23 2012 14:51:59 GMT+0100");
user_pref("CT3192727.IsAlertDBUpdated", true);
user_pref("CT3192727.IsGrouping", false);
user_pref("CT3192727.IsInitSetupIni", true);
user_pref("CT3192727.IsMulticommunity", false);
user_pref("CT3192727.IsOpenThankYouPage", false);
user_pref("CT3192727.IsOpenUninstallPage", false);
user_pref("CT3192727.IsProtectorsInit", true);
user_pref("CT3192727.LanguagePackLastCheckTime", "Sat Feb 16 2013 12:52:36 GMT+0100");
user_pref("CT3192727.LanguagePackReloadIntervalMM", 1440);
user_pref("CT3192727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT3192727.LastLogin_3.10.0.1", "Fri Mar 23 2012 14:52:00 GMT+0100");
user_pref("CT3192727.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:01:53 GMT+0200");
user_pref("CT3192727.LastLogin_3.12.2.3", "Fri May 25 2012 14:08:15 GMT+0200");
user_pref("CT3192727.LastLogin_3.13.0.6", "Sun Jul 15 2012 18:28:55 GMT+0200");
user_pref("CT3192727.LastLogin_3.14.1.0", "Wed Aug 22 2012 09:13:49 GMT+0200");
user_pref("CT3192727.LastLogin_3.15.1.0", "Sun Nov 11 2012 23:32:10 GMT+0100");
user_pref("CT3192727.LastLogin_3.16.0.3", "Sat Feb 16 2013 12:52:36 GMT+0100");
user_pref("CT3192727.LatestVersion", "3.18.0.7");
user_pref("CT3192727.Locale", "de");
user_pref("CT3192727.MCDetectTooltipHeight", "83");
user_pref("CT3192727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT3192727.MCDetectTooltipWidth", "295");
user_pref("CT3192727.MyStuffEnabledAtInstallation", true);
user_pref("CT3192727.OriginalFirstVersion", "3.10.0.1");
user_pref("CT3192727.SavedHomepage", "hxxp://mystart.incredibar.com/mb119?a=6OywE5ckog&i=26");
user_pref("CT3192727.SearchCaption", "WinZipBar_DE Customized Web Search");
user_pref("CT3192727.SearchEngineBeforeUnload", "WinZipBar_DE Customized Web Search");
user_pref("CT3192727.SearchFromAddressBarIsInit", true);
user_pref("CT3192727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=");
user_pref("CT3192727.SearchInNewTabEnabled", true);
user_pref("CT3192727.SearchInNewTabIntervalMM", 1440);
user_pref("CT3192727.SearchInNewTabLastCheckTime", "Sat Feb 16 2013 12:52:33 GMT+0100");
user_pref("CT3192727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT3192727.SearchInNewTabUserEnabled", false);
user_pref("CT3192727.SearchProtectorEnabled", true);
user_pref("CT3192727.SearchProtectorToolbarDisabled", false);
user_pref("CT3192727.SendProtectorDataViaLogin", true);
user_pref("CT3192727.ServiceMapLastCheckTime", "Sat Feb 16 2013 12:52:36 GMT+0100");
user_pref("CT3192727.SettingsLastCheckTime", "Sat Feb 16 2013 12:52:33 GMT+0100");
user_pref("CT3192727.SettingsLastUpdate", "1361001222");
user_pref("CT3192727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=13");
user_pref("CT3192727.ThirdPartyComponentsInterval", 504);
user_pref("CT3192727.ThirdPartyComponentsLastCheck", "Fri Mar 23 2012 14:51:58 GMT+0100");
user_pref("CT3192727.ThirdPartyComponentsLastUpdate", "1255344657");
user_pref("CT3192727.ToolbarShrinkedFromSetup", false);
user_pref("CT3192727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3192727");
user_pref("CT3192727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT3192727.UserID", "UN08418621164215934");
user_pref("CT3192727.alertChannelId", "1606848");
user_pref("CT3192727.autoDisableScopes", -1);
user_pref("CT3192727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT3192727.globalFirstTimeInfoLastCheckTime", "Fri Mar 23 2012 14:51:59 GMT+0100");
user_pref("CT3192727.homepageProtectorEnableByLogin", true);
user_pref("CT3192727.initDone", true);
user_pref("CT3192727.isAppTrackingManagerOn", true);
user_pref("CT3192727.myStuffEnabled", true);
user_pref("CT3192727.myStuffPublihserMinWidth", 400);
user_pref("CT3192727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT3192727.myStuffServiceIntervalMM", 1440);
user_pref("CT3192727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT3192727.navigateToUrlOnSearch", false);
user_pref("CT3192727.revertSettingsEnabled", true);
user_pref("CT3192727.searchProtectorDialogDelayInSec", 10);
user_pref("CT3192727.searchProtectorEnableByLogin", true);
user_pref("CT3192727.testingCtid", "");
user_pref("CT3192727.toolbarAppMetaDataLastCheckTime", "Sat Feb 16 2013 12:52:34 GMT+0100");
user_pref("CT3192727.toolbarContextMenuLastCheckTime", "Fri Mar 23 2012 14:52:00 GMT+0100");
user_pref("CT3192727.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3192727&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "WinZipBar_DE Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3192727/CT3192727", "\"6e04750a51f52c3503e4aec4839f86e43\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1606848/1600605/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3192727", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80133a6b165cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"801a319dd78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://newtab.conduit-hosting.com/newtab/?ctid=CT3192727", "\"56f-38c-4f0e4f0d\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3192727", "\"e6101702f527aee00717f58173faa054\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"fec26c83bb179b071544577cc10f1a1f\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\steffan\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\wu8xgxv7.default\\conduitCommon\\modules\\3.10.0.1");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OywE5ckog&&i=26&search=");
user_pref("CommunityToolbar.ToolbarsList", "CT3192727");
user_pref("CommunityToolbar.ToolbarsList2", "CT3192727");
user_pref("CommunityToolbar.ToolbarsList4", "CT3192727");
user_pref("CommunityToolbar.globalUserId", "040dca23-c1f2-4273-a1a2-662557c0968c");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3192727");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Mar 23 2012 14:52:02 GMT+0100");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Mar 23 2012 14:52:11 GMT+0100");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Mar 23 2012 14:51:58 GMT+0100");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "6fbce781-faec-4e85-a3ee-472862682e50");
user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.incredibar.com/mb119?a=6OywE5ckog&i=26");
user_pref("CommunityToolbar.originalSearchEngine", "Google");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "WinZipBar_DE Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,
user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10606");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "082c86a6000000000000000000000000");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15422");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "20%5F3");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OywE5ckog&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6OywE5ckog");
user_pref("extensions.incredibar_i.upn2n", "92261113783109152");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:37:49");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3192727&SearchSource=2&q=");
Emptied folder: C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\minidumps [216 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2013 at 20:45:41,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 11/03/2013 um 20:46:52 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : steffan - STEFFAN-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\steffan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCompressor
Ordner Gelöscht : C:\Users\steffan\AppData\Roaming\Mozilla\Firefox\Profiles\wu8xgxv7.default\CT3192727
Ordner Gelöscht : C:\Users\steffan\AppData\Roaming\Mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\FreeCompressor
Schlüssel Gelöscht : HKLM\Software\AedgePerformanceBCN
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\FreeCompressor
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EF93620-4B15-4DB4-B0EA-889E2F187081}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\steffan\AppData\Roaming\Mozilla\Firefox\Profiles\wu8xgxv7.default\prefs.js

Gelöscht : user_pref("CT3192727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3192727/CT3192727[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1606848/1600605/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3192727", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://newtab.conduit-hosting.com/newtab/?ctid=CT3192727", "\"56f-3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3192727",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"fec[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\steffan\\AppData\\Roaming\\Mozilla\[...]

*************************

AdwCleaner[S1].txt - [8038 octets] - [11/03/2013 20:46:52]

########## EOF - C:\AdwCleaner[S1].txt - [8098 octets] ##########
         
otl:
Code:
ATTFilter
OTL logfile created on: 11.03.2013 20:52:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steffan\Desktop\Virenlösung - noch nicht löschen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,34% Memory free
7,80 Gb Paging File | 5,53 Gb Available in Paging File | 70,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,94 Gb Total Space | 40,27 Gb Free Space | 41,54% Space Free | Partition Type: NTFS
 
Computer Name: STEFFAN-TOSH | User Name: steffan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\steffan\Desktop\Virenlösung - noch nicht löschen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\BrytonBridge\BrytonBridge2.exe ()
PRC - C:\Program Files (x86)\BrytonBridge\BBService.exe ()
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Join Air\UIExec.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBService) -- C:\Program Files (x86)\BrytonBridge\BBService.exe ()
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{B9729D65-D55F-4B79-B362-9931AC2A67B8}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{B9729D65-D55F-4B79-B362-9931AC2A67B8}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\..\SearchScopes\{111F474E-B632-4EA4-8AA0-AB3FC22CE909}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DSGOH&o=102808&src=kw&q={searchTerms}&locale=&apn_ptnrs=^4L&apn_dtid=^YYYYYY^YY^DE&apn_uid=1E90CA49-9B26-4E19-897F-290487A1C033&apn_sauid=297336D0-2DAA-43AE-ABC2-575BA1B3138A
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\..\SearchScopes\{6A8A3BD1-AE3C-4928-A8FB-352DE6DAF286}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3192727
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\..\SearchScopes\{B9729D65-D55F-4B79-B362-9931AC2A67B8}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE476
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bf3f5241a-c2c5-42d2-b6a1-2709209bbbac%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7B819669ae-9ccd-4fde-acca-4a4428e8e5ed%7D:2.01.13
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.22 03:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.20 21:45:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.22 03:25:38 | 000,000,000 | ---D | M]
 
[2012.03.20 17:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\Extensions
[2013.03.11 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\Firefox\Profiles\wu8xgxv7.default\extensions
[2013.01.13 13:41:28 | 000,000,000 | ---D | M] (New Tab URL) -- C:\Users\steffan\AppData\Roaming\mozilla\Firefox\Profiles\wu8xgxv7.default\extensions\{819669ae-9ccd-4fde-acca-4a4428e8e5ed}
[2012.03.20 18:31:00 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\personas@christopher.beard.xpi
[2012.12.11 15:16:42 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 07:40:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.13 13:51:01 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\steffan\AppData\Roaming\mozilla\firefox\profiles\wu8xgxv7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.02.22 03:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.21 18:50:30 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
File not found (No name found) -- C:\USERS\STEFFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WU8XGXV7.DEFAULT\EXTENSIONS\{F3F5241A-C2C5-42D2-B6A1-2709209BBBAC}
[2013.02.06 08:23:40 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 14:42:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.05 06:47:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-317936193-2361039012-3725167726-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-317936193-2361039012-3725167726-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72D29F9F-7802-4CBE-BEE5-17CEFD60506B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE97A388-03F9-4C7E-BCD5-31F2DB546D58}: NameServer = 212.23.115.148 212.23.97.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.11 20:33:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.03.11 20:33:36 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.11 15:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.03.11 15:38:24 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2013.03.11 15:38:23 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2013.03.11 13:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013.03.11 13:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.11 13:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.03.11 13:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.03.04 18:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.03.04 18:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.03.04 18:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.03.04 18:27:13 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.03.03 23:42:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.03 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\steffan\Desktop\Neuer Ordner
[2013.02.27 03:00:26 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013.02.27 03:00:26 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 03:00:26 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013.02.27 03:00:26 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013.02.27 03:00:24 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013.02.27 03:00:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013.02.27 03:00:22 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013.02.27 03:00:22 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 03:00:22 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 03:00:22 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 03:00:22 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 03:00:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 03:00:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 03:00:22 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 03:00:22 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 03:00:21 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013.02.27 03:00:21 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013.02.27 03:00:21 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013.02.27 03:00:21 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013.02.27 03:00:21 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013.02.27 03:00:21 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013.02.27 03:00:21 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013.02.27 03:00:21 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013.02.27 03:00:21 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 03:00:21 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013.02.27 03:00:21 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013.02.27 03:00:21 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013.02.27 03:00:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 03:00:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 03:00:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 03:00:21 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 03:00:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 03:00:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 03:00:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 03:00:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 03:00:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 03:00:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 03:00:20 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013.02.27 03:00:20 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013.02.27 03:00:20 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013.02.27 03:00:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013.02.22 16:43:00 | 000,000,000 | ---D | C] -- C:\Users\steffan\Desktop\Virenlösung - noch nicht löschen
[2013.02.22 10:24:32 | 000,000,000 | ---D | C] -- C:\Users\steffan\Desktop\Meerforelle
[2013.02.21 21:24:17 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013.02.21 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\steffan\AppData\Roaming\Malwarebytes
[2013.02.21 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.21 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.21 19:35:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.02.21 19:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.21 19:35:16 | 000,000,000 | ---D | C] -- C:\Users\steffan\AppData\Local\Programs
[2013.02.21 18:31:56 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.02.21 18:31:55 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.02.21 18:31:55 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.02.20 17:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.02.18 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\steffan\Desktop\Gutschein Porsche dady
[2013.02.17 10:59:47 | 000,000,000 | ---D | C] -- C:\Users\steffan\Desktop\Türen
[2013.02.14 21:05:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.02.14 21:05:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.02.14 21:05:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.02.14 21:05:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.02.14 21:05:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.02.14 21:05:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.02.14 21:05:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.02.14 21:05:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.02.14 21:05:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.02.14 21:05:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.02.14 21:05:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.02.14 21:05:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.02.14 21:05:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.02.14 21:05:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.02.14 21:05:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.02.14 07:41:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013.02.14 07:41:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013.02.14 07:41:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013.02.14 07:41:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013.02.14 07:41:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013.02.14 07:41:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013.02.14 07:41:10 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\steffan\AppData\Roaming\XLMSoft
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.11 20:54:49 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.03.11 20:54:49 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.03.11 20:54:49 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.03.11 20:54:49 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.03.11 20:54:49 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.03.11 20:50:08 | 000,000,330 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2013.03.11 20:49:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.11 20:36:18 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 20:36:18 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 15:11:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.11 13:50:20 | 000,000,221 | ---- | M] () -- C:\Users\steffan\Desktop\Train Simulator 2013.url
[2013.03.11 13:46:02 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.03.11 10:05:58 | 001,005,329 | ---- | M] () -- C:\windows\SysWow64\sig.bin
[2013.03.11 10:05:58 | 000,052,873 | ---- | M] () -- C:\windows\SysWow64\nmp.map
[2013.03.06 11:43:50 | 000,597,667 | ---- | M] () -- C:\Users\steffan\Desktop\adwcleaner.exe
[2013.03.05 06:47:17 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.02.27 14:17:16 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 14:17:16 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 23:58:23 | 487,882,068 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.02.21 21:24:26 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\PktIcpt.sys
[2013.02.21 20:44:57 | 000,000,000 | ---- | M] () -- C:\Users\steffan\defogger_reenable
[2013.02.21 18:50:35 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\HookCentre.sys
[2013.02.21 18:50:31 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\MiniIcpt.sys
[2013.02.21 18:50:31 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\GDBehave.sys
[2013.02.21 18:50:30 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\gdwfpcd64.sys
[2013.02.20 17:17:45 | 000,003,054 | ---- | M] () -- C:\windows\ST5UNST.001
[2013.02.15 08:02:18 | 000,344,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.11 20:33:14 | 000,597,667 | ---- | C] () -- C:\Users\steffan\Desktop\adwcleaner.exe
[2013.03.11 13:50:20 | 000,000,221 | ---- | C] () -- C:\Users\steffan\Desktop\Train Simulator 2013.url
[2013.03.11 13:33:49 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.03.04 18:28:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.03.04 18:28:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.03.04 18:28:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.03.04 18:28:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.03.04 18:28:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.02.21 21:24:14 | 487,882,068 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013.02.21 20:44:57 | 000,000,000 | ---- | C] () -- C:\Users\steffan\defogger_reenable
[2013.02.20 17:17:33 | 000,003,054 | ---- | C] () -- C:\windows\ST5UNST.001
[2012.05.17 16:20:09 | 000,000,556 | ---- | C] () -- C:\windows\MAXLINK.INI
[2012.03.21 21:05:29 | 001,005,329 | ---- | C] () -- C:\windows\SysWow64\sig.bin
[2012.03.20 18:44:23 | 004,014,540 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.10.16 21:30:31 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011.08.31 21:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.08.31 21:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.08.31 21:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.08.31 21:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.08.31 21:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OLT Extras:
Code:
ATTFilter
OTL Extras logfile created on: 11.03.2013 20:52:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steffan\Desktop\Virenlösung - noch nicht löschen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,34% Memory free
7,80 Gb Paging File | 5,53 Gb Available in Paging File | 70,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,94 Gb Total Space | 40,27 Gb Free Space | 41,54% Space Free | Partition Type: NTFS
 
Computer Name: STEFFAN-TOSH | User Name: steffan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-317936193-2361039012-3725167726-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F693062-9D88-4C20-8EF9-9943FAE1D249}" = lport=139 | protocol=6 | dir=in | app=system | 
"{17BADBC0-10FB-47A3-9DD9-09F9C7F4071A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{257FA36C-F5B4-4772-BACA-BD82F2B60833}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{273E6A5A-48C5-4383-B6A4-F9E0A37B8644}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3D985683-EFFC-4F84-A779-E30FBDA3B901}" = lport=445 | protocol=6 | dir=in | app=system | 
"{410D7E12-B0FD-408D-A600-CBE64AFA05AA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{438D83B4-9D8A-404A-A2A1-DBF3BF0C5EF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{44F4D63B-A007-4EB3-BF3B-2F06A2B94B53}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{55415215-FA4F-4C6C-A6C7-D08FFAED4752}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E3114F5-DEF8-4761-AA52-109910501C87}" = rport=139 | protocol=6 | dir=out | app=system | 
"{602487AD-C76D-4306-9BDB-BC10FEFD92CC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7D777468-1D12-4289-A653-1D0CEEED44FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F6C2465-D28E-420E-B3A5-DB5CF79A7344}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F99A3D2-2D90-4ECD-8E88-20AC1EEF1A17}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{93AD2290-6696-4109-985E-5C5276221165}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF484614-043A-41B7-A473-D84DE2CE5266}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B22DB54D-705E-4C34-808C-268CD80095A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BDFA025A-5663-421D-A753-901712584E40}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BF0A4B22-9D17-4AFD-AA50-C29F6D038377}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C29A068E-D391-4785-8BF7-7E106C1B8ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAF9B526-C422-4EF5-9D28-B32C7DF8DA88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB8C9F70-8F92-4E6F-BF7A-C653C92B9C97}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F10FA4FC-7448-41C8-BEF1-58B83F265C38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F848FD20-B1DE-4F13-A34E-CF1F11DF475F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F9C68630-FF58-44EF-93DD-26F1F7E4B48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0262B593-A3C7-41B3-8439-EDFCD4663E56}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{07193762-5227-4E92-A716-030F4C137522}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17B49EEB-5200-42B7-9C70-DC3D065D7EAC}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{1E6631F4-E066-49A3-8C33-4E667556D7EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A197FC6-9A09-4D1E-BDF6-57733740234A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{30F676AF-A39E-4523-AE85-0C4935C2B8E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3283A255-1A9E-4FCF-926F-5B887E88AD52}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{32FE5CCB-5656-43D6-9337-E829D059EEDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{42979B5B-DB43-4FB4-AF37-A33456465A11}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45B2F3A1-F563-431B-9B66-5629F801BEC2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{52FBCB28-367B-4169-AA2F-4C76865A501F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CB8E617-ADE9-4E4F-8422-EDCCF86A8048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{60954EEF-150C-4C23-BD19-845F93787395}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{64FF0B95-2838-4BCE-AA7A-D5021C9C0057}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6BAA149D-1F07-4E81-B50F-CAF2E805472F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7C401CD0-1C63-4978-BA49-E4141BFCE6A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7D233335-126F-4E5A-A857-B1C4DE07C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{96F91D17-F938-4C3D-A198-9BD16B273CBE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A7705EA9-0D7A-4EB6-BEE1-13AD11C06F83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{A7EDC095-2AAB-4C70-A723-BFAE8EBE7ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B2815AB3-6688-4BF8-8A12-51CF57CFD174}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B8440B56-A379-4533-9695-C6826CF24B1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BC01ACAE-8146-4249-8547-72D27269A2A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF024EC8-D9AA-418F-8806-F913590F2E9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C627FEC6-15F5-43F7-AF01-26E64FDDF331}" = protocol=6 | dir=out | app=system | 
"{CC70735D-8A7A-44EC-9AC3-AD9BCA4C2796}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{DBE92934-CC3D-4220-869D-7F9CACCB8283}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E810B678-4516-4BFD-94EB-B6D8F218CD3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F04A92E4-C02F-4B85-B72E-7A0FC2573F82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F4D24199-0B2A-460D-B1B7-FDD11408C540}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{41C2B21A-63BB-4377-9567-A97B15F21E59}" = TOSHIBA eco Utility
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D76557F-04F5-4CF9-AB20-6A621B0D52D7}" = MyPDFConverter
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E579724-82F9-454C-A98E-39DDDAB167FF}" = Intel(R) Rapid Start Technology
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel(R) Identity Protection Technology 1.2.18.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}" = TOSHIBA ConfigFree
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BA8123A4-34B4-44B8-B8E1-D36F0D0259C9}_is1" = BrytonBridge
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoScape" = PhotoScape
"ProInst" = Intel PROSet Wireless
"Steam App 24010" = Train Simulator 2013
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0340cb41-e1e2-4563-8ef5-3a52ea5529b0" = Bejeweled 2 Deluxe
"WTA-0e5782c7-505a-4cce-8cbf-a2f2e762c100" = Slingo Deluxe
"WTA-0f73b10c-d9b0-41f0-9050-d9b909ec6274" = Diner Dash 2 Restaurant Rescue
"WTA-298eb7a8-4479-4146-87c0-9b83301010f4" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-379970d8-ad8c-42b4-a6a7-0f2d4491b6c3" = FATE
"WTA-47819ef4-6b97-4ae9-b114-92200c9b7a0c" = Polar Bowler
"WTA-4e45d02b-502b-4953-81f4-1abf38d63df1" = Zuma Deluxe
"WTA-6bf94a5c-a643-45fb-aef1-ecbfd25b3959" = Insaniquarium Deluxe
"WTA-74461e05-5db1-40de-89ee-d28ef0a66f51" = Plants vs. Zombies - Game of the Year
"WTA-7c9038c0-3af7-4653-a47b-652aa45e2a87" = Penguins!
"WTA-7cfdd512-5ff7-4ffd-b353-6aeea3fb5d55" = Chuzzle Deluxe
"WTA-7fc8164b-3230-47cf-86fa-5c18c93837f9" = Wedding Dash 2 - Rings Around the World
"WTA-b34351f1-fd83-4723-ae9d-da6756108e17" = Final Drive: Nitro
"WTA-c2b8b554-70f7-4601-9eea-dc4025bec4ae" = Bejeweled 3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2013 15:49:48 | Computer Name = steffan-TOSH | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.03.2013 15:49:14 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7043
Description = Der Dienst G Data Personal Firewall konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 11.03.2013 15:49:47 | Computer Name = steffan-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
Viele Grüße

noch eine zusätzliche Frage habe ich. Während ich das Programm adwcleaner ausgeführt habe, wurde mir empfohlen "Hosts Anti-PUP/adware zu installieren. Macht das Sinn und wenn ja von welcher Seite ist der Download ohne Risiko. Oder hat Kasperski auch so ein PUP-Programm ?

Danke für die Rückmeldung.

Alt 12.03.2013, 08:57   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\..\SearchScopes\{111F474E-B632-4EA4-8AA0-AB3FC22CE909}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DSGOH&o=102808&src=kw&q={searchTerms}&locale=&apn_ptnrs=^4L&apn_dtid=^YYYYYY^YY^DE&apn_uid=1E90CA49-9B26-4E19-897F-290487A1C033&apn_sauid=297336D0-2DAA-43AE-ABC2-575BA1B3138A
IE - HKU\S-1-5-21-317936193-2361039012-3725167726-1001\..\SearchScopes\{6A8A3BD1-AE3C-4928-A8FB-352DE6DAF286}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3192727
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.03.2013, 17:21   #14
delphin_2002
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Hi, hier nun wieder ein Logfile

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-317936193-2361039012-3725167726-1001\Software\Microsoft\Internet Explorer\SearchScopes\{111F474E-B632-4EA4-8AA0-AB3FC22CE909}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{111F474E-B632-4EA4-8AA0-AB3FC22CE909}\ not found.
Registry key HKEY_USERS\S-1-5-21-317936193-2361039012-3725167726-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A8A3BD1-AE3C-4928-A8FB-352DE6DAF286}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A8A3BD1-AE3C-4928-A8FB-352DE6DAF286}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\steffan\Desktop\Virenlösung - noch nicht löschen\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: steffan
->Temp folder emptied: 1329920 bytes
->Temporary Internet Files folder emptied: 2762619 bytes
->Java cache emptied: 15423879 bytes
->FireFox cache emptied: 400959917 bytes
->Flash cache emptied: 62781 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 482586 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 351613358 bytes
 
Total Files Cleaned = 737,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03122013_181648

Files\Folders moved on Reboot...
C:\Users\steffan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 12.03.2013, 22:18   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Standard

weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde
2 infizierte dateien, antivirus, bho, bildschirm, browser, computer, converter, diner dash, dllhost.exe, error, excel, firefox, flash player, helper, home, install.exe, logfile, malware, mozilla, mp3, problem, programm, realtek, registry, scan, security, software, svchost.exe, system, wildtangent games



Ähnliche Themen: weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde


  1. Ständig massenhafte Funde von Malware usw jedes Programm sagt was anderes und nichts entfernt richtig DRINGEND HILFE!!! Bitte ;(
    Plagegeister aller Art und deren Bekämpfung - 08.05.2015 (1)
  2. Avira von Virus abgeschaltet, Malware gefunden, Bildschirm acht mal zu sehen
    Log-Analyse und Auswertung - 05.01.2015 (18)
  3. Malwarebytes hat PUP.Optional.OpenCandy und noch mehr Malware gefunden. 9 Funde insgesamt.
    Plagegeister aller Art und deren Bekämpfung - 25.01.2014 (3)
  4. Laptop startet, jedoch nur lauter Lüfter + schwarzer Bildschirm. Manchmal geht er wieder
    Netzwerk und Hardware - 09.12.2013 (3)
  5. Weisser Bildschirm und nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (7)
  6. Weißer Bildschirm bei Windows XP nach start - zuvor Malware gefunden
    Log-Analyse und Auswertung - 23.05.2013 (19)
  7. Virus "exp/cve-2012-1723.A.597" von antivir gefunden; malware-bytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (29)
  8. email link Malware Funde Heur.PE@4294967295, Malware@#nwdk01o66rpro, Malware@#2x6qrvr63cjrw
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (10)
  9. Weisser Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (3)
  10. nach der Anmeldung im Win7 Weisser Bildschirm geht nichts mehr!!!!!
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (14)
  11. Weisser Bildschirm "warten sie bis die Verbindung erstellt wurde" Virus Weisser Bildschirm "warten s
    Log-Analyse und Auswertung - 17.04.2012 (13)
  12. Weisser Bildschirm "warten sie bis die Verbindung erstellt wurde" Virus Weisser Bildschirm
    Log-Analyse und Auswertung - 15.04.2012 (1)
  13. Win Firewall startet nicht automatisch. Weißer Bildschirm (Symptom selbst gefixed). Wieder i.O.?
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (13)
  14. Weisser Bildschirm und nichts geht mehr- Trojaner legt alles lam
    Log-Analyse und Auswertung - 03.02.2012 (3)
  15. Malware tr/dldr.dofoil.d.303 gefunden und sie kommt immer wieder!
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (38)
  16. Malware gefunden und eliminiert: ist jetzt alles wieder in Ordnung?
    Plagegeister aller Art und deren Bekämpfung - 23.11.2009 (5)
  17. kein windowsupdate möglich, malware startet nicht, ad-aware findet nichts
    Log-Analyse und Auswertung - 11.06.2009 (0)

Zum Thema weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde - Hallo, hatte heute folgendes Problem: Laptop war heute mit einmal Bildschrim weiss. Gestartet im abgesicherten Modus - Laptop ist immer gleich wieder runter gefahren. Beim nächsten Neustart wieder F8 gedrückt, - weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde...
Archiv
Du betrachtest: weisser Bildschirm, PC startet wieder, Virussoftware nichts gefunden, Malware hat Funde auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.