
Pests of all kinds and how to fight them: Iminent / StartWeb won't go away

Windows 7

07.05.2013, 22:08   #1
Lovemetal

Dear forum,

quite some time ago I somehow involuntarily installed this Iminent Toolbar thing on my PC. I have already tried really a lot, also deleted all "iminent" files in regedit.exe and also ran malware programs... but after a while it comes back. Then I have the Iminent page as the start page on my Chrome browser again and StartWeb as the default search. This is driving me sooo crazy. Please, please, can someone get this damn Iminent off my back!
Many thanks in advance.

Lovemetal

07.05.2013, 22:15   #2
markusg
/// Malware-holic

Hi,

If you don't already have it, please download OTL by OldTimer and save it to your Desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

07.05.2013, 22:52   #3
Lovemetal


OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 07.05.2013 23:23:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Valentin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,11% Memory free
7,93 Gb Paging File | 6,41 Gb Available in Paging File | 80,83% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 78,95 Gb Free Space | 52,97% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 125,08 Gb Free Space | 84,14% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 136,21 Gb Free Space | 29,25% Space Free | Partition Type: FAT32
 
Computer Name: VALENTIN-TOSH | User Name: Valentin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.07 23:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Valentin\Downloads\OTL.exe
PRC - [2013.05.07 16:30:26 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.07 22:46:22 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.07 22:45:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.07 21:47:38 | 002,795,048 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2013.04.03 03:06:06 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013.03.22 07:07:18 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
PRC - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.16 21:06:32 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Spyware Terminator\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.04.07 22:46:22 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.07 22:45:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.07 21:47:38 | 002,795,048 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.04.03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2013.03.22 07:07:18 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013.03.16 12:07:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.14 21:34:36 | 001,024,384 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012.09.19 12:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.02.10 10:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.16 11:21:36 | 000,890,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe -- (Ashampoo Defrag Service)
SRV - [2009.11.05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009.08.17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.04.23 15:56:38 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013.04.07 22:46:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.07 22:46:28 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.07 22:46:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.15 01:10:07 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.06.22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.11.08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.04 15:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011.03.31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.07.22 18:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010.04.01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.10.02 10:58:38 | 000,514,144 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009.09.23 12:11:00 | 000,027,616 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disksec.sys -- (DiskSec)
DRV:64bit: - [2009.08.26 18:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.29 17:04:56 | 000,061,696 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw17bda.sys -- (hcw17bda)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.11.02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000&ref=toolbox&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=8f88f2f9-3db6-4478-b834-1e6eaefd3d44&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6114EFA1-16FC-4474-AF16-C35D1BB7AD47}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE352DE352
IE - HKCU\..\SearchScopes\{70DF0CD6-1FAC-4A53-9B86-25C5D083ED2B}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000&ref=toolbox&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 46.231.14.49:8080
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.http: "81.17.24.176"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..browser.startup.homepage: "hxxp://start.iminent.com/?appId=290606FB-E9E3-4415-8AC6-FFF1C6CC1581"
FF - prefs.js..browser.search.selectedEngine: "StartWeb"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Valentin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Valentin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.10 19:11:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.10 19:11:24 | 000,000,000 | ---D | M]
 
[2013.03.26 14:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valentin\AppData\Roaming\mozilla\Extensions
[2013.03.26 14:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valentin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.05 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valentin\AppData\Roaming\mozilla\Firefox\Profiles\3x4w3piw.default\extensions
[2012.11.17 15:55:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Valentin\AppData\Roaming\mozilla\Firefox\Profiles\3x4w3piw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.02.05 15:12:31 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Valentin\AppData\Roaming\mozilla\Firefox\Profiles\3x4w3piw.default\extensions\ffxtlbr@delta.com
[2012.08.06 11:23:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valentin\AppData\Roaming\mozilla\Firefox\Profiles\3x4w3piw.default\extensions\staged
[2013.02.05 23:49:18 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Valentin\AppData\Roaming\mozilla\firefox\profiles\3x4w3piw.default\extensions\torntv@torntv.com.xpi
[2012.12.10 21:08:27 | 000,002,443 | ---- | M] () -- C:\Users\Valentin\AppData\Roaming\mozilla\firefox\profiles\3x4w3piw.default\searchplugins\babylon1.xml
[2013.02.05 15:12:32 | 000,001,294 | ---- | M] () -- C:\Users\Valentin\AppData\Roaming\mozilla\firefox\profiles\3x4w3piw.default\searchplugins\delta.xml
[2012.08.06 11:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.06 09:31:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Valentin\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Valentin\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Valentin\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Valentin\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: High Contrast = C:\Users\Valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph\0.5_0\
CHR - Extension: Webseite Blocher (Beta) = C:\Users\Valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib\0.1.9_0\
CHR - Extension: Charlotte Ronson = C:\Users\Valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\obakimnhgahiedhcjlcnohielmendpen\3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll File not found
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Valentin\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Valentin\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://asa04.lrz.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4660DE5F-D15A-4268-BD36-C30C94418B9C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.16 17:30:30 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2eb7ee8c-2eb0-11e2-81f0-002622311e1e}\Shell - "" = AutoRun
O33 - MountPoints2\{2eb7ee8c-2eb0-11e2-81f0-002622311e1e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2eb7ee91-2eb0-11e2-81f0-002622311e1e}\Shell - "" = AutoRun
O33 - MountPoints2\{2eb7ee91-2eb0-11e2-81f0-002622311e1e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{709fbec7-7fca-11e1-80b5-002622311e1e}\Shell - "" = AutoRun
O33 - MountPoints2\{709fbec7-7fca-11e1-80b5-002622311e1e}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{b8df9ea8-2c1e-11e2-b422-701a043ed875}\Shell - "" = AutoRun
O33 - MountPoints2\{b8df9ea8-2c1e-11e2-b422-701a043ed875}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b8df9ea8-2c1e-11e2-b422-701a043ed875}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{b8df9ea8-2c1e-11e2-b422-701a043ed875}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: SmartFaceVWatcher - hkey= - key= - C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.07 16:31:19 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.04.25 10:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.04.25 10:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.04.25 10:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.04.23 15:56:38 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.23 15:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.04.23 15:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.04.16 19:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013.04.16 19:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.16 19:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013.04.16 17:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.14 21:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.13 13:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2013.04.13 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\Valentin\AppData\Roaming\Swiss Academic Software
[2013.04.13 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\Valentin\Documents\Citavi 3
[2013.04.13 11:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2013.04.10 11:34:14 | 000,000,000 | ---D | C] -- C:\Users\Valentin\restore
[2013.04.10 11:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CEWE COLOR
[2013.04.08 13:32:19 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Valentin\Documents\*.tmp files -> C:\Users\Valentin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.07 23:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.07 23:02:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2159661161-2617930059-3236517351-1000UA.job
[2013.05.07 22:50:09 | 000,001,172 | ---- | M] () -- C:\Users\Valentin\Desktop\Windows Update Troubleshooting Info.lnk
[2013.05.07 22:41:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.07 22:35:04 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 22:35:04 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.07 22:27:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.07 22:27:23 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.07 22:27:21 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2013.05.07 22:27:21 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013.05.07 22:27:20 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.05.07 22:27:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.07 22:27:09 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.07 17:02:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2159661161-2617930059-3236517351-1000Core.job
[2013.05.07 16:30:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.06 19:09:34 | 001,534,854 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.06 19:09:34 | 000,667,624 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.06 19:09:34 | 000,627,468 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.06 19:09:34 | 000,136,360 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.06 19:09:34 | 000,111,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 15:56:38 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.04.20 15:58:26 | 004,482,442 | ---- | M] () -- C:\Users\Valentin\Documents\barth_nicht_stoffgebunden_abhaengigkeit_vorl.pdf
[2013.04.16 19:41:16 | 000,000,117 | ---- | M] () -- C:\Windows\wininit.ini
[2013.04.16 17:30:30 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.11 10:33:03 | 000,437,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 17:03:12 | 000,002,396 | ---- | M] () -- C:\Users\Valentin\Desktop\Google Chrome.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Valentin\Documents\*.tmp files -> C:\Users\Valentin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.20 15:58:26 | 004,482,442 | ---- | C] () -- C:\Users\Valentin\Documents\barth_nicht_stoffgebunden_abhaengigkeit_vorl.pdf
[2013.04.20 10:27:48 | 000,001,172 | ---- | C] () -- C:\Users\Valentin\Desktop\Windows Update Troubleshooting Info.lnk
[2013.04.16 19:41:16 | 000,000,117 | ---- | C] () -- C:\Windows\wininit.ini
[2013.04.16 17:30:30 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.16 17:29:48 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2012.12.10 21:08:13 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.11.09 00:33:26 | 000,000,059 | ---- | C] () -- C:\Users\Valentin\AppData\Roaming\GoodnightTimer.ini
[2012.03.27 21:49:05 | 000,017,408 | ---- | C] () -- C:\Users\Valentin\AppData\Local\WebpageIcons.db
[2012.02.10 19:01:22 | 000,170,062 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2012.02.06 14:18:47 | 000,239,335 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.02.06 14:18:47 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2012.01.20 16:10:52 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.05.02 23:44:43 | 000,000,000 | ---- | C] () -- C:\Users\Valentin\AppData\Local\{843B8BF6-86FF-4A05-8835-7F4135B1A582}
[2011.03.11 19:08:43 | 000,000,133 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.01 00:07:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.01.15 16:43:55 | 367,044,608 | ---- | C] () -- C:\Users\Valentin\rsg-desperatexvid-s06e08.avi
[2010.10.09 17:27:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.01 00:58:48 | 000,000,000 | ---- | C] () -- C:\Users\Valentin\AppData\Roaming\wklnhst.dat
[2009.12.13 00:36:12 | 000,007,608 | ---- | C] () -- C:\Users\Valentin\AppData\Local\resmon.resmoncfg
[2009.12.02 12:51:53 | 000,004,932 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
[2009.12.02 00:46:35 | 000,007,680 | ---- | C] () -- C:\Users\Valentin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.28 12:38:36 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Advanced Chemistry Development
[2013.05.07 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\BatteryBar
[2011.08.22 23:16:17 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Canneverbe Limited
[2012.08.06 11:23:38 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\convert
[2013.02.05 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\CRDeltaTB
[2012.11.11 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\DAEMON Tools Lite
[2013.03.04 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\DefaultTab
[2011.11.06 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Dropbox
[2011.01.20 11:46:54 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Droppix
[2013.04.25 11:00:12 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\DVDVideoSoft
[2012.11.17 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Engelmann Media
[2009.12.26 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.11.17 16:03:27 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Geek Uninstaller
[2012.10.12 14:35:31 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Langenscheidt
[2012.08.06 11:23:38 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\loadtbs
[2010.12.21 17:06:01 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\MAGIX
[2012.01.04 13:13:53 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Motorola
[2011.03.27 19:29:09 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Nokia
[2012.11.17 15:53:45 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\OpenCandy
[2011.03.05 13:26:45 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Opera
[2011.03.26 20:43:39 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\PC Suite
[2012.06.26 16:59:42 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\SlySoft
[2013.04.13 11:18:30 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Swiss Academic Software
[2013.03.26 14:20:01 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\TomTom
[2011.02.14 18:23:36 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Toshiba
[2012.11.17 15:55:53 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\TuneUp Software
[2012.12.13 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Uniblue
[2012.11.15 01:17:24 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\Verbindungsassistent
[2013.01.05 12:37:21 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\VOS
[2009.11.21 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\WildTangent
[2011.02.14 23:50:26 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\WinBatch
[2012.10.11 19:08:02 | 000,000,000 | ---D | M] -- C:\Users\Valentin\AppData\Roaming\yWorks
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.10.24 16:39:08 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.09.08 10:25:12 | 000,000,000 | ---D | M] -- C:\1033
[2011.08.28 12:38:33 | 000,000,000 | ---D | M] -- C:\ACDFREE12
[2013.04.16 22:15:14 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.03 18:22:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.09.08 10:25:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.16 17:29:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.04.25 10:50:09 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.04.23 15:56:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.03 18:22:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.04.08 17:49:17 | 000,000,000 | -H-D | M] -- C:\RestorPoint
[2013.05.07 23:29:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.24 10:15:57 | 000,000,000 | ---D | M] -- C:\Temp
[2009.10.17 01:59:13 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.12.09 13:16:30 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.16 19:41:16 | 000,000,000 | ---D | M] -- C:\Windows
[2009.09.08 10:23:49 | 000,000,000 | ---D | M] -- C:\Works
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.01.06 14:08:14 | 000,000,394 | ---- | C] () -- C:\Windows\Tasks\Install_NSS.job
[2010.01.28 15:24:02 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.01.28 15:24:02 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.12.21 17:14:12 | 000,000,492 | ---- | C] () -- C:\Windows\Tasks\PCCT - MAGIX AG.job
[2012.08.06 11:32:03 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.06 11:42:09 | 000,001,080 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2159661161-2617930059-3236517351-1000Core.job
[2012.08.06 11:42:10 | 000,001,132 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2159661161-2617930059-3236517351-1000UA.job
[2012.11.11 21:00:43 | 000,000,270 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
[2012.12.10 21:08:18 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\spmonitor.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.05.07 23:44:58 | 016,252,928 | ---- | M] () -- C:\Users\Valentin\ntuser.dat
[2012.11.29 15:41:10 | 011,796,480 | ---- | M] () -- C:\Users\Valentin\ntuser.dat.bak
[2011.01.10 15:25:47 | 000,000,000 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT.efr.LOG1
[2011.01.10 15:25:47 | 000,000,000 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT.efr.LOG2
[2013.05.07 23:44:58 | 000,262,144 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat.LOG1
[2009.11.03 18:22:27 | 000,000,000 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat.LOG2
[2009.11.03 20:17:03 | 000,065,536 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.03 20:17:03 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.03 20:17:03 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.11.16 23:48:29 | 000,065,536 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{2ffe988a-1028-11e1-9cbc-002622311e1e}.TM.blf
[2011.11.16 23:48:29 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{2ffe988a-1028-11e1-9cbc-002622311e1e}.TMContainer00000000000000000001.regtrans-ms
[2011.11.16 23:48:29 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{2ffe988a-1028-11e1-9cbc-002622311e1e}.TMContainer00000000000000000002.regtrans-ms
[2012.12.02 23:11:35 | 000,065,536 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{51f0ab45-3a25-11e2-a309-002622311e1e}.TM.blf
[2012.12.02 23:11:35 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{51f0ab45-3a25-11e2-a309-002622311e1e}.TMContainer00000000000000000001.regtrans-ms
[2012.12.02 23:11:35 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{51f0ab45-3a25-11e2-a309-002622311e1e}.TMContainer00000000000000000002.regtrans-ms
[2011.01.10 18:14:19 | 000,065,536 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT{63e96707-1cac-11e0-910d-002622311e1e}.TM.blf
[2011.01.10 18:14:19 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT{63e96707-1cac-11e0-910d-002622311e1e}.TMContainer00000000000000000001.regtrans-ms
[2011.01.10 18:14:19 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\NTUSER.DAT{63e96707-1cac-11e0-910d-002622311e1e}.TMContainer00000000000000000002.regtrans-ms
[2011.01.14 01:07:22 | 000,065,536 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{c709e564-1f64-11e0-9624-002622311e1e}.TM.blf
[2011.01.14 01:07:22 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{c709e564-1f64-11e0-9624-002622311e1e}.TMContainer00000000000000000001.regtrans-ms
[2011.01.14 01:07:22 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{c709e564-1f64-11e0-9624-002622311e1e}.TMContainer00000000000000000002.regtrans-ms
[2012.10.10 18:01:59 | 000,065,536 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{ff78ba94-12db-11e2-b9e3-002622311e1e}.TM.blf
[2012.10.10 18:01:59 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{ff78ba94-12db-11e2-b9e3-002622311e1e}.TMContainer00000000000000000001.regtrans-ms
[2012.10.10 18:01:59 | 000,524,288 | -HS- | M] () -- C:\Users\Valentin\ntuser.dat{ff78ba94-12db-11e2-b9e3-002622311e1e}.TMContainer00000000000000000002.regtrans-ms
[2009.11.03 18:22:27 | 000,000,020 | -HS- | M] () -- C:\Users\Valentin\ntuser.ini
[2010.10.01 21:24:10 | 367,044,608 | ---- | M] () -- C:\Users\Valentin\rsg-desperatexvid-s06e08.avi
[2011.01.19 23:56:43 | 000,010,240 | -HS- | M] () -- C:\Users\Valentin\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

07.05.2013, 22:53   #4
Lovemetal

Iminent / StartWeb won't go away



Extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.05.2013 23:23:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Valentin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,11% Memory free
7,93 Gb Paging File | 6,41 Gb Available in Paging File | 80,83% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 78,95 Gb Free Space | 52,97% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 125,08 Gb Free Space | 84,14% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 136,21 Gb Free Space | 29,25% Space Free | Partition Type: FAT32
 
Computer Name: VALENTIN-TOSH | User Name: Valentin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0969DDCE-BE54-4C24-A41F-C09F2267A2F4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{15308130-6298-4235-A0F9-E0BC91BDEF76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15724D86-C2A8-49B0-A356-7FFCBAABD244}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{20E91551-BE7B-4F20-A460-5546474C31BA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{291BDD7F-833E-4437-8A0A-001D508DB15D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2E43BC7F-82A0-43F8-9A4A-4D1EF007EFEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{30D9F8E3-9D92-497F-B64B-12ECC05E7C94}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3AE1C703-61F9-4168-AB6F-BDDFB3CB9B56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B626005-4513-4122-9FF9-1BAA736F1E8B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{46EC443E-5D67-43DE-A2BE-75572BF23B8E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{53AA9B72-1EBA-4B65-8102-526DED772119}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{53D16047-5D96-47B3-B272-CBEFEFA05DBD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5931B4E0-9B8A-43EE-A4F8-227E9A7FB4AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C35C583-AAF8-4131-BE99-F224C3A78CC0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86010163-20E7-424C-BFFE-5F97582658E5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{9480D29B-5818-497B-92F6-E55B9650BF96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A39097A-E208-4D51-95B5-AC26FD3A5CCE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9E8B91FB-561F-4364-B383-8B8136EFBCC0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F1054F0-08E3-4079-8C28-E1E5D03B8C29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B96F2A6D-5081-4860-B3F7-5AA56085B1A0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB3C8F81-6884-4947-B5D3-8E364209D803}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF8385B2-622E-489A-AA88-9131BF78016E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C97EAF68-85C7-452E-9FF3-B3089BA70632}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D24F2348-BC7C-4599-AAB6-0CCC44B11BF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FE224288-0AA2-4519-833B-12F3C88C07AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B84521-A947-4611-8BCC-1209C739EF1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{07294611-FB2F-42AC-B697-ABD5F24E7092}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{07521245-2780-4DB5-864B-01671405D1BA}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{0F795429-AB2B-436F-AB73-50882197355A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F8AC002-7F5D-4844-84DB-B931ABF21465}" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"{1B38C172-1D33-4729-B171-E71A7C807573}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1C108FD1-F51B-44E4-B5C4-916E7BA53580}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{2053E259-EFEB-4F5D-9459-2E5E226A4C74}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{2498ADE9-71EA-4B35-A2CE-F7DDA2D7A2F9}" = protocol=6 | dir=out | app=system | 
"{34CE6D59-0072-47A9-9551-318591C733CF}" = protocol=17 | dir=in | app=c:\users\valentin\appdata\local\temp\{d22966b2-5e87-433f-87b6-42ae0db73ffa}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{3F221E61-B935-4F70-A0FD-1A92DF827CDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3F83A5D4-E8DE-411A-9BC6-AF458F8C4496}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4D770526-71E4-4B80-83DC-2E0D9A554C39}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4F963B9A-AC62-4B81-88D3-B08104C7A8F4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{51C105B5-6507-455C-A2E8-1E59D0DB59DB}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{52D2AA21-7FF7-4073-90CE-7C776CF55DB4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{542D48E3-2591-446E-A6CB-C98775C286BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58996B4F-C1F7-4E48-9EBC-D174059FD3C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{59BB4438-E875-4924-B178-889D9E4CB714}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{5A4CEF4E-C8BF-4379-971A-3110D9BD6D69}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6E927AC4-0E75-4A6A-B4C6-7278C4365E43}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{70F5A4B1-ED4D-4605-9C0D-A8660A1BD131}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B83BC68-9B60-4B0A-AA4E-01183DD452BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{7BF85FC6-B971-41B2-8496-F58F54AC576B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{7D46AC84-8AFF-447A-8F32-4E510DE5CB0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{7F16368D-23CC-4ED3-823B-744E43E52B8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{7FB36EBA-781E-434F-900E-4C7581D2A0F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83957287-0C71-4B7D-8DCC-3D48ED326B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{84BCDD3C-55E2-46BA-BA51-D20A3E77829E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{84F07921-CBE8-4846-AF56-EE135A5F381F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8516A2EB-BE36-4A0A-A0E8-E794EA0A14B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{896BB1E6-F2CC-46A0-A9D5-22EDA1117592}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8BAB8876-D16E-41E9-9AA4-DFFEEF438C5B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{974424A2-1B57-4AFD-B0BF-8E587BD55AD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{991F2A35-03E5-4C7C-826B-B66EB7ADA7CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{9D9D31E7-9F38-4838-B616-E98AC369F7C7}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{9EC8A210-1753-4B4C-A9D2-8968215B5DCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1DFAC67-D9E7-4801-98DA-1ED1DE46E9B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A2E003F5-FE5F-42CA-A9BA-A0AF5A97271C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{A9EF8294-FB88-48DB-9B77-E499BCADC848}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{AC65C06E-0377-4808-9807-B560244C146C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{AD9E1D58-261F-4876-8650-E8284C10DE35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AE2DC5AD-6F80-4C68-9FB5-B9B0A48E9DB2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AE616B52-5740-473E-9147-BFCBBD2F6616}" = protocol=6 | dir=in | app=c:\users\valentin\appdata\local\temp\{d22966b2-5e87-433f-87b6-42ae0db73ffa}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{B0761AB6-64CA-4045-9B41-13A56928F8A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{B0DAF8EE-83E9-42C0-8424-B2102308C527}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{B4F5F8A3-6D57-4A37-B52E-43E657E8CD12}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B97461A1-A50A-4D74-B168-7C5D6546ACA9}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{C144A913-AE3B-4D4E-B594-668DEC921294}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{C17A21A7-D2D0-4D67-9BB1-56F8C51F20E6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{C1FB35BB-91DF-4824-9DEC-52A3388840F3}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C3CF960A-80CB-49AC-B14C-8AF4DE23B5C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{C79C4EEB-E887-4C3B-8EAB-520D6F02A96B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C84FE5C9-B072-4EDD-B628-DDCC4B62022A}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{C9B3A243-CEE9-46F7-BC58-85DAC1C221EE}" = dir=in | app=e:\setup\hpznui40.exe | 
"{D2464A39-35CA-42ED-B04A-3A1415AFF1CF}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{D4F6E44D-42C3-412E-A5F6-9A6B37B2ABA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D95D0B14-C764-4411-BBA8-E9603D0B16DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC7568F5-0805-4C07-9354-B3674C4DDC08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{E3D945E8-ABEE-4A96-82CD-70977EFA666F}" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"{F1F3F4C9-3B7A-4CE0-883B-9ABFAF896471}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F45C4DCF-7677-4B2F-9906-BD6B3D3B5946}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{F9F6F726-54EA-451E-9916-7D2DBC29F9CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FBA5010F-F1AC-41B5-8C00-F3D277F9B945}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{05559984-263B-46F2-B7DA-8F45C4FFEEC1}C:\program files (x86)\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\software update\msu.exe | 
"TCP Query User{08D0D85A-AB20-414F-A36D-2F4830BFD02B}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"TCP Query User{14ED0787-4540-4ED5-AFAF-A8351E317AF7}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | 
"TCP Query User{1BBBDC42-0CD8-485B-BEBE-1CFFE00DD7DA}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{1FDC6B62-A757-45E4-B0C2-E1D3658C63EF}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{3001D89F-5053-4624-AB28-20DDA6BEB808}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{382AF331-85C3-4F08-97FD-09C1992684C1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{4930755D-7D2F-45AD-9D5F-92A36BD22BF5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{526A3BF0-B55A-4F2B-8B3A-0ED657D8EEA2}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{7A553D17-8FDB-4E2D-99ED-DD3B9DD20C64}C:\users\valentin\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\valentin\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{9279D270-068F-4B6C-A739-DD9274371933}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | 
"TCP Query User{9CD026F4-7F80-4160-B42A-0F3F2278C5BD}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{A43D67F5-3BA2-4189-8EDC-2741C7399536}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{ABCF1F7A-DD13-45CB-8B79-F1325B4CEDB8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{B1BD9782-3DC3-4104-9084-EC8C48171CC1}C:\program files (x86)\motorola\software update\mumapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\software update\mumapp.exe | 
"TCP Query User{B20E04B7-1997-4377-B926-8C368214AA63}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{BB60C46E-6F51-4461-8753-09700F2CAA61}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{D21B206D-2477-41A9-A06E-E11B68FE7EE3}C:\program files (x86)\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"TCP Query User{E332518A-754D-47EB-AF36-F0EB541F1FA9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{FF17E25C-FE76-4550-A4C6-4773F83AE930}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{105622AA-8ED4-4166-AC74-18A558221970}C:\program files (x86)\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"UDP Query User{1F5AA427-D7E7-426D-9B58-6DE3E03932F4}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe | 
"UDP Query User{1FF16A1B-E6A3-40DC-BCAF-A9A31EAE9B07}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{27D0C4AE-9228-42C0-9D7F-E54E4708EE56}C:\program files (x86)\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\software update\msu.exe | 
"UDP Query User{34749811-8F49-436A-BD0E-3582DFE5BB7D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{46DDF3D1-C168-424D-A1D4-98288FADBF31}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{543B2163-FDAB-4375-A7FE-1154AE980621}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{576A7E98-DE6D-4561-913A-D0D127603352}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{61304AA1-97AF-4182-B21E-9F0804E245B4}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{63F0B005-8F29-4FA7-A723-4687FC98B4B5}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | 
"UDP Query User{720C6C7B-9BB5-4F8A-BB35-6C0292DFFA71}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{7360AD57-3765-457C-AC04-A243449E6886}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{892E5819-89CE-466D-8BC3-85D8C7A301A1}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{898DEBCE-F449-4705-A79F-4BBF46302C61}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{9371655A-E6DB-4FE4-A431-EA110BD0BFB7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{97CCDAF7-8B75-46C3-9349-C4BAD689C4EE}C:\program files (x86)\mouseserver\mouseserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mouseserver\mouseserver.exe | 
"UDP Query User{AAADE008-2D71-4009-AFFB-F746220BDFF0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{E33234A4-81A9-4F9F-961A-702609BB2019}C:\users\valentin\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\valentin\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{F66FD413-5C42-48B0-B166-9ECCC81BB720}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{FD78288D-B0A7-4B1D-A508-08363B515445}C:\program files (x86)\motorola\software update\mumapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\software update\mumapp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"BatteryBar" = BatteryBar (remove only)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0AC16091-C09E-462B-9AF7-A8605F4BF7CC}" = Langenscheidt Vokabeltrainer 6.0 Englisch
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{48535366-87B8-452D-9247-B0016F1D04D2}" = Delta
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software  1.14.25.1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1" = MouseServer Version 1.2.0
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Ashampoo Magical Defrag 3_is1" = Ashampoo Magical Defrag 3 v.3.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Free Video Dub_is1" = Free Video Dub version 2.0.17.128
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LameACM" = Lame ACM MP3 Codec
"LHTTSENG" = L&H TTS3000 British English
"LHTTSGED" = L&H TTS3000 Deutsch
"loadtbs-3.0" = loadtbs-3.0
"MAGIX PC Check & Tuning 2010 Download-Version D" = MAGIX PC Check & Tuning 2010 Download-Version 5.0.25.701 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Verbindungsassistent" = Verbindungsassistent
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2013 03:13:38 | Computer Name = Valentin-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
 13.0.2020.4, Zeitstempel: 0x5059906a  Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe,
 Version: 13.0.2020.4, Zeitstempel: 0x5059906a  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000006b565  ID des fehlerhaften Prozesses: 0xa04  Startzeit der fehlerhaften
 Anwendung: 0x01ce418467bc2a99  Pfad der fehlerhaften Anwendung: C:\Program Files 
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Berichtskennung:
 a62e47b0-ad77-11e2-ab0b-002622311e1e
 
Error - 25.04.2013 08:12:24 | Computer Name = Valentin-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 9.5.3.305,
 Zeitstempel: 0x50d1d170  Name des fehlerhaften Moduls: Updater.api_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x50d1c7ea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6803d9f2
ID
 des fehlerhaften Prozesses: 0x12f0  Startzeit der fehlerhaften Anwendung: 0x01ce41ae1bb3da86
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: Updater.api  Berichtskennung: 62ad932d-ada1-11e2-ab0b-002622311e1e
 
Error - 25.04.2013 08:12:33 | Computer Name = Valentin-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 9.5.3.305,
 Zeitstempel: 0x50d1d170  Name des fehlerhaften Moduls: Updater.api_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x50d1c7ea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x68027bb1
ID
 des fehlerhaften Prozesses: 0x12f0  Startzeit der fehlerhaften Anwendung: 0x01ce41ae1bb3da86
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: Updater.api  Berichtskennung: 6854a60d-ada1-11e2-ab0b-002622311e1e
 
Error - 26.04.2013 04:02:15 | Computer Name = Valentin-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
 13.0.2020.4, Zeitstempel: 0x5059906a  Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe,
 Version: 13.0.2020.4, Zeitstempel: 0x5059906a  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000006b565  ID des fehlerhaften Prozesses: 0x644  Startzeit der fehlerhaften
 Anwendung: 0x01ce42545ada7386  Pfad der fehlerhaften Anwendung: C:\Program Files 
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Berichtskennung:
 9b1cddd0-ae47-11e2-81a9-002622311e1e
 
Error - 26.04.2013 13:35:22 | Computer Name = Valentin-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.04.2013 13:37:08 | Computer Name = Valentin-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2013 06:35:46 | Computer Name = Valentin-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2013 06:37:36 | Computer Name = Valentin-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.04.2013 17:49:29 | Computer Name = Valentin-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
 13.0.2020.4, Zeitstempel: 0x5059906a  Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe,
 Version: 13.0.2020.4, Zeitstempel: 0x5059906a  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000006b565  ID des fehlerhaften Prozesses: 0x42c  Startzeit der fehlerhaften
 Anwendung: 0x01ce45ec96ae8740  Pfad der fehlerhaften Anwendung: C:\Program Files 
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Berichtskennung:
 d55bf3bc-b1df-11e2-a457-701a043ed875
 
Error - 05.05.2013 13:41:37 | Computer Name = Valentin-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.05.2013 13:43:15 | Computer Name = Valentin-TOSH | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.05.2013 02:31:42 | Computer Name = Valentin-TOSH | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version:
 13.0.2020.4, Zeitstempel: 0x5059906a  Name des fehlerhaften Moduls: TuneUpUtilitiesService64.exe,
 Version: 13.0.2020.4, Zeitstempel: 0x5059906a  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000006b565  ID des fehlerhaften Prozesses: 0xb70  Startzeit der fehlerhaften
 Anwendung: 0x01ce4a235efb45bb  Pfad der fehlerhaften Anwendung: C:\Program Files 
(x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe  Berichtskennung:
 9d33a790-b616-11e2-b4e9-002622311e1e
 
[ Cisco AnyConnect VPN Client Events ]
Error - 15.10.2011 06:29:02 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes File: .\IPv4ChangeRouteHelper.cpp
Line:
 2486 Invoked Function: CInstanceSmartPtr<CHostConfigMgr> Return Code: -28770294 (0xFE49000A)
Description:
 HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2450 Invoked Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes Return Code: 
-28770294 (0xFE49000A) Description: HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes File: .\IPv4ChangeRouteHelper.cpp
Line:
 2486 Invoked Function: CInstanceSmartPtr<CHostConfigMgr> Return Code: -28770294 (0xFE49000A)
Description:
 HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2450 Invoked Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes Return Code: 
-28770294 (0xFE49000A) Description: HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes File: .\IPv4ChangeRouteHelper.cpp
Line:
 2486 Invoked Function: CInstanceSmartPtr<CHostConfigMgr> Return Code: -28770294 (0xFE49000A)
Description:
 HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2450 Invoked Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes Return Code: 
-28770294 (0xFE49000A) Description: HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes File: .\IPv4ChangeRouteHelper.cpp
Line:
 2486 Invoked Function: CInstanceSmartPtr<CHostConfigMgr> Return Code: -28770294 (0xFE49000A)
Description:
 HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
Error - 15.10.2011 10:56:16 | Computer Name = Valentin-TOSH | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2450 Invoked Function: CIPv4ChangeRouteHelper::ExcludePrivateRoutes Return Code: 
-28770294 (0xFE49000A) Description: HOSTCONFIGMGR_ERROR_NO_INSTANCE 
 
[ Media Center Events ]
Error - 07.01.2010 10:01:06 | Computer Name = Valentin-TOSH | Source = MCUpdate | ID = 0
Description = 15:01:02 - EpgListing-2.enc konnte nicht abgerufen werden (Fehler:
 HTTP-Status 404: Die angeforderte URL ist auf diesem Server nicht vorhanden.  )  
 
Error - 09.01.2010 18:40:18 | Computer Name = Valentin-TOSH | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hauppauge
 SMS1000 DVB-T Tuner
 
Error - 09.01.2010 18:56:15 | Computer Name = Valentin-TOSH | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hauppauge
 SMS1000 DVB-T Tuner
 
Error - 15.01.2010 14:39:51 | Computer Name = Valentin-TOSH | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hauppauge
 SMS1000 DVB-T Tuner
 
Error - 31.01.2010 17:19:03 | Computer Name = Valentin-TOSH | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hauppauge
 SMS1000 DVB-T Tuner
 
Error - 22.02.2010 17:34:42 | Computer Name = Valentin-TOSH | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hauppauge
 SMS1000 DVB-T Tuner
 
Error - 12.06.2010 10:07:03 | Computer Name = Valentin-TOSH | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hauppauge
 SMS1000 DVB-T Tuner
 
Error - 12.06.2010 10:07:32 | Computer Name = Valentin-TOSH | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Hauppauge
 SMS1000 DVB-T Tuner
 
Error - 12.07.2010 02:00:16 | Computer Name = Valentin-TOSH | Source = MCUpdate | ID = 0
Description = 07:58:56 - EpgListings konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.02.2013 17:14:55 | Computer Name = Valentin-TOSH | Source = MCUpdate | ID = 0
Description = 22:13:28 - Fehler beim Herstellen der Internetverbindung.  22:13:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 07.05.2013 16:27:13 | Computer Name = Valentin-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.05.2013 16:27:14 | Computer Name = Valentin-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.05.2013 16:27:14 | Computer Name = Valentin-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.05.2013 16:27:55 | Computer Name = Valentin-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 07.05.2013 16:27:59 | Computer Name = Valentin-TOSH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 07.05.2013 16:28:04 | Computer Name = Valentin-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 07.05.2013 16:28:14 | Computer Name = Valentin-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 07.05.2013 16:28:14 | Computer Name = Valentin-TOSH | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 07.05.2013 16:34:41 | Computer Name = Valentin-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80073701 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 07.05.2013 16:51:48 | Computer Name = Valentin-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80073701 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
 
< End of report >
         
--- --- ---

Alt 07.05.2013, 23:02   #5
markusg
/// Malware-holic
 

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

Alt 07.05.2013, 23:06   #6
Lovemetal
 

00:05:09.0944 2476 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:05:10.0458 2476 ============================================================
00:05:10.0458 2476 Current date / time: 2013/05/08 00:05:10.0458
00:05:10.0458 2476 SystemInfo:
00:05:10.0458 2476
00:05:10.0458 2476 OS Version: 6.1.7601 ServicePack: 1.0
00:05:10.0458 2476 Product type: Workstation
00:05:10.0459 2476 ComputerName: VALENTIN-TOSH
00:05:10.0459 2476 UserName: Valentin
00:05:10.0459 2476 Windows directory: C:\Windows
00:05:10.0459 2476 System windows directory: C:\Windows
00:05:10.0459 2476 Running under WOW64
00:05:10.0459 2476 Processor architecture: Intel x64
00:05:10.0459 2476 Number of processors: 2
00:05:10.0459 2476 Page size: 0x1000
00:05:10.0459 2476 Boot type: Normal boot
00:05:10.0459 2476 ============================================================
00:05:11.0036 2476 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:05:11.0040 2476 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:05:11.0042 2476 ============================================================
00:05:11.0042 2476 \Device\Harddisk0\DR0:
00:05:11.0043 2476 MBR partitions:
00:05:11.0043 2476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
00:05:11.0043 2476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
00:05:11.0043 2476 \Device\Harddisk1\DR1:
00:05:11.0043 2476 MBR partitions:
00:05:11.0043 2476 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
00:05:11.0043 2476 ============================================================
00:05:11.0065 2476 C: <-> \Device\Harddisk0\DR0\Partition1
00:05:11.0107 2476 D: <-> \Device\Harddisk0\DR0\Partition2
00:05:11.0107 2476 H: <-> \Device\Harddisk1\DR1\Partition1
00:05:11.0108 2476 ============================================================
00:05:11.0108 2476 Initialize success
00:05:11.0108 2476 ============================================================
00:05:19.0493 4868 ============================================================
00:05:19.0493 4868 Scan started
00:05:19.0493 4868 Mode: Manual; SigCheck; TDLFS;
00:05:19.0493 4868 ============================================================
00:05:20.0294 4868 ================ Scan system memory ========================
00:05:20.0294 4868 System memory - ok
00:05:20.0295 4868 ================ Scan services =============================
00:05:20.0464 4868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:05:20.0577 4868 1394ohci - ok
00:05:20.0624 4868 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:05:20.0644 4868 ACPI - ok
00:05:20.0690 4868 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:05:20.0752 4868 AcpiPmi - ok
00:05:20.0891 4868 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:05:20.0922 4868 AdobeFlashPlayerUpdateSvc - ok
00:05:20.0981 4868 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:05:21.0022 4868 adp94xx - ok
00:05:21.0051 4868 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:05:21.0072 4868 adpahci - ok
00:05:21.0106 4868 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:05:21.0123 4868 adpu320 - ok
00:05:21.0177 4868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:05:21.0242 4868 AeLookupSvc - ok
00:05:21.0300 4868 [ 65F8D71074FCE72B6C491F63535FEDC6 ] AF9035BDA C:\Windows\system32\DRIVERS\AF15BDA.sys
00:05:21.0347 4868 AF9035BDA - ok
00:05:21.0418 4868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:05:21.0470 4868 AFD - ok
00:05:21.0499 4868 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:05:21.0516 4868 agp440 - ok
00:05:21.0537 4868 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:05:21.0588 4868 ALG - ok
00:05:21.0603 4868 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:05:21.0617 4868 aliide - ok
00:05:21.0651 4868 [ 98A2774D3F18C107874C8C1163EBE484 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:05:21.0695 4868 AMD External Events Utility - ok
00:05:21.0714 4868 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:05:21.0729 4868 amdide - ok
00:05:21.0764 4868 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:05:21.0800 4868 AmdK8 - ok
00:05:21.0826 4868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:05:21.0857 4868 AmdPPM - ok
00:05:21.0895 4868 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:05:21.0923 4868 amdsata - ok
00:05:21.0942 4868 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:05:21.0960 4868 amdsbs - ok
00:05:21.0974 4868 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:05:21.0989 4868 amdxata - ok
00:05:22.0095 4868 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:05:22.0119 4868 AntiVirSchedulerService - ok
00:05:22.0158 4868 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:05:22.0178 4868 AntiVirService - ok
00:05:22.0211 4868 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:05:22.0267 4868 AppID - ok
00:05:22.0297 4868 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:05:22.0360 4868 AppIDSvc - ok
00:05:22.0384 4868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:05:22.0438 4868 Appinfo - ok
00:05:22.0459 4868 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:05:22.0475 4868 arc - ok
00:05:22.0493 4868 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:05:22.0509 4868 arcsas - ok
00:05:22.0589 4868 [ D8B152937AADE344D0915771AC91C947 ] Ashampoo Defrag Service C:\Program Files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
00:05:22.0647 4868 Ashampoo Defrag Service - ok
00:05:22.0665 4868 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:05:22.0730 4868 AsyncMac - ok
00:05:22.0758 4868 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:05:22.0773 4868 atapi - ok
00:05:22.0817 4868 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
00:05:22.0899 4868 athr - ok
00:05:23.0069 4868 [ 173F4C05F87085E9BDA3F7037BC9F40E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:05:23.0304 4868 atikmdag - ok
00:05:23.0383 4868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:05:23.0481 4868 AudioEndpointBuilder - ok
00:05:23.0508 4868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:05:23.0554 4868 AudioSrv - ok
00:05:23.0588 4868 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
00:05:23.0604 4868 avgntflt - ok
00:05:23.0617 4868 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
00:05:23.0632 4868 avipbb - ok
00:05:23.0648 4868 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
00:05:23.0662 4868 avkmgr - ok
00:05:23.0698 4868 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:05:23.0740 4868 AxInstSV - ok
00:05:23.0778 4868 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:05:23.0812 4868 b06bdrv - ok
00:05:23.0836 4868 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:05:23.0888 4868 b57nd60a - ok
00:05:23.0929 4868 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:05:23.0969 4868 BDESVC - ok
00:05:24.0002 4868 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:05:24.0072 4868 Beep - ok
00:05:24.0127 4868 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:05:24.0198 4868 BFE - ok
00:05:24.0267 4868 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
00:05:24.0373 4868 BITS - ok
00:05:24.0390 4868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:05:24.0426 4868 blbdrive - ok
00:05:24.0461 4868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:05:24.0504 4868 bowser - ok
00:05:24.0539 4868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:05:24.0592 4868 BrFiltLo - ok
00:05:24.0612 4868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:05:24.0638 4868 BrFiltUp - ok
00:05:24.0671 4868 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:05:24.0690 4868 Browser - ok
00:05:24.0712 4868 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:05:24.0753 4868 Brserid - ok
00:05:24.0769 4868 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:05:24.0807 4868 BrSerWdm - ok
00:05:24.0827 4868 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:05:24.0863 4868 BrUsbMdm - ok
00:05:24.0881 4868 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:05:24.0898 4868 BrUsbSer - ok
00:05:24.0939 4868 [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
00:05:24.0955 4868 BTCFilterService - ok
00:05:24.0970 4868 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:05:25.0003 4868 BTHMODEM - ok
00:05:25.0042 4868 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:05:25.0098 4868 bthserv - ok
00:05:25.0121 4868 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:05:25.0161 4868 cdfs - ok
00:05:25.0195 4868 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:05:25.0214 4868 cdrom - ok
00:05:25.0252 4868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:05:25.0347 4868 CertPropSvc - ok
00:05:25.0426 4868 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
00:05:25.0451 4868 cfWiMAXService - ok
00:05:25.0472 4868 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:05:25.0506 4868 circlass - ok
00:05:25.0541 4868 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:05:25.0563 4868 CLFS - ok
00:05:25.0650 4868 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:05:25.0673 4868 clr_optimization_v2.0.50727_32 - ok
00:05:25.0700 4868 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:05:25.0714 4868 clr_optimization_v2.0.50727_64 - ok
00:05:25.0790 4868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:05:25.0810 4868 clr_optimization_v4.0.30319_32 - ok
00:05:25.0859 4868 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:05:25.0882 4868 clr_optimization_v4.0.30319_64 - ok
00:05:25.0902 4868 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:05:25.0935 4868 CmBatt - ok
00:05:25.0956 4868 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:05:25.0971 4868 cmdide - ok
00:05:26.0013 4868 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:05:26.0050 4868 CNG - ok
00:05:26.0084 4868 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:05:26.0099 4868 Compbatt - ok
00:05:26.0134 4868 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:05:26.0169 4868 CompositeBus - ok
00:05:26.0174 4868 COMSysApp - ok
00:05:26.0204 4868 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
00:05:26.0215 4868 ConfigFree Gadget Service - ok
00:05:26.0256 4868 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
00:05:26.0268 4868 ConfigFree Service - ok
00:05:26.0285 4868 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:05:26.0300 4868 crcdisk - ok
00:05:26.0334 4868 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:05:26.0369 4868 CryptSvc - ok
00:05:26.0393 4868 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
00:05:26.0406 4868 CVirtA - ok
00:05:26.0454 4868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:05:26.0539 4868 DcomLaunch - ok
00:05:26.0577 4868 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:05:26.0641 4868 defragsvc - ok
00:05:26.0669 4868 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:05:26.0726 4868 DfsC - ok
00:05:26.0762 4868 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:05:26.0785 4868 Dhcp - ok
00:05:26.0820 4868 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:05:26.0860 4868 discache - ok
00:05:26.0876 4868 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:05:26.0892 4868 Disk - ok
00:05:26.0929 4868 [ FD3F25ECC3836A350D5EEC0FC58E1D48 ] DiskSec C:\Windows\system32\drivers\DiskSec.sys
00:05:26.0949 4868 DiskSec - ok
00:05:26.0984 4868 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
00:05:26.0997 4868 DNE - ok
00:05:27.0040 4868 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:05:27.0074 4868 Dnscache - ok
00:05:27.0105 4868 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:05:27.0165 4868 dot3svc - ok
00:05:27.0204 4868 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:05:27.0272 4868 DPS - ok
00:05:27.0287 4868 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:05:27.0318 4868 drmkaud - ok
00:05:27.0374 4868 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:05:27.0451 4868 DXGKrnl - ok
00:05:27.0488 4868 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:05:27.0542 4868 EapHost - ok
00:05:27.0644 4868 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:05:27.0795 4868 ebdrv - ok
00:05:27.0828 4868 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:05:27.0888 4868 EFS - ok
00:05:27.0964 4868 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:05:28.0042 4868 ehRecvr - ok
00:05:28.0074 4868 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:05:28.0103 4868 ehSched - ok
00:05:28.0142 4868 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:05:28.0167 4868 elxstor - ok
00:05:28.0184 4868 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:05:28.0213 4868 ErrDev - ok
00:05:28.0294 4868 esgiguard - ok
00:05:28.0338 4868 [ 3B32CAA07D672F8A2E0DF5CB3A873F45 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys
00:05:28.0357 4868 EsgScanner - ok
00:05:28.0406 4868 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:05:28.0482 4868 EventSystem - ok
00:05:28.0500 4868 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:05:28.0557 4868 exfat - ok
00:05:28.0578 4868 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:05:28.0630 4868 fastfat - ok
00:05:28.0680 4868 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:05:28.0748 4868 Fax - ok
00:05:28.0778 4868 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:05:28.0795 4868 fdc - ok
00:05:28.0831 4868 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:05:28.0883 4868 fdPHost - ok
00:05:28.0899 4868 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:05:28.0950 4868 FDResPub - ok
00:05:28.0969 4868 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:05:28.0984 4868 FileInfo - ok
00:05:28.0994 4868 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:05:29.0061 4868 Filetrace - ok
00:05:29.0085 4868 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:05:29.0121 4868 flpydisk - ok
00:05:29.0154 4868 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:05:29.0173 4868 FltMgr - ok
00:05:29.0240 4868 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
00:05:29.0307 4868 FontCache - ok
00:05:29.0364 4868 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:05:29.0376 4868 FontCache3.0.0.0 - ok
00:05:29.0412 4868 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:05:29.0427 4868 FsDepends - ok
00:05:29.0487 4868 [ 8197C85348A33BCCFE80DD6E2DB53903 ] FSProFilter C:\Windows\system32\Drivers\FSPFltd.sys
00:05:29.0500 4868 FSProFilter - ok
00:05:29.0535 4868 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:05:29.0550 4868 Fs_Rec - ok
00:05:29.0577 4868 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:05:29.0598 4868 fvevol - ok
00:05:29.0610 4868 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:05:29.0625 4868 gagp30kx - ok
00:05:29.0628 4868 GameConsoleService - ok
00:05:29.0684 4868 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:05:29.0754 4868 gpsvc - ok
00:05:29.0841 4868 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:05:29.0863 4868 gupdate - ok
00:05:29.0874 4868 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:05:29.0886 4868 gupdatem - ok
00:05:29.0935 4868 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:05:29.0960 4868 gusvc - ok
00:05:29.0988 4868 [ EDAB8AA9F2B68E52AD0FF26DC7FF8448 ] hcw17bda C:\Windows\system32\drivers\hcw17bda.sys
00:05:30.0012 4868 hcw17bda - ok
00:05:30.0044 4868 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:05:30.0075 4868 hcw85cir - ok
00:05:30.0106 4868 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:05:30.0145 4868 HdAudAddService - ok
00:05:30.0162 4868 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:05:30.0202 4868 HDAudBus - ok
00:05:30.0217 4868 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:05:30.0253 4868 HidBatt - ok
00:05:30.0273 4868 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:05:30.0304 4868 HidBth - ok
00:05:30.0323 4868 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:05:30.0343 4868 HidIr - ok
00:05:30.0385 4868 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:05:30.0457 4868 hidserv - ok
00:05:30.0470 4868 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:05:30.0487 4868 HidUsb - ok
00:05:30.0517 4868 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:05:30.0584 4868 hkmsvc - ok
00:05:30.0620 4868 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:05:30.0661 4868 HomeGroupListener - ok
00:05:30.0689 4868 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:05:30.0724 4868 HomeGroupProvider - ok
00:05:30.0812 4868 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:05:30.0840 4868 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
00:05:30.0840 4868 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
00:05:30.0870 4868 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:05:30.0893 4868 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
00:05:30.0893 4868 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
00:05:30.0927 4868 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:05:30.0943 4868 HpSAMD - ok
00:05:31.0009 4868 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:05:31.0082 4868 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
00:05:31.0082 4868 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
00:05:31.0134 4868 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:05:31.0236 4868 HTTP - ok
00:05:31.0260 4868 [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
00:05:31.0337 4868 hwdatacard - ok
00:05:31.0386 4868 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:05:31.0400 4868 hwpolicy - ok
00:05:31.0447 4868 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:05:31.0465 4868 i8042prt - ok
00:05:31.0500 4868 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:05:31.0518 4868 iaStor - ok
00:05:31.0574 4868 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:05:31.0594 4868 iaStorV - ok
00:05:31.0663 4868 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:05:31.0736 4868 idsvc - ok
00:05:31.0893 4868 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:05:32.0106 4868 igfx - ok
00:05:32.0127 4868 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:05:32.0142 4868 iirsp - ok
00:05:32.0208 4868 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:05:32.0314 4868 IKEEXT - ok
00:05:32.0401 4868 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:05:32.0498 4868 IntcAzAudAddService - ok
00:05:32.0516 4868 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:05:32.0532 4868 intelide - ok
00:05:32.0556 4868 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:05:32.0590 4868 intelppm - ok
00:05:32.0623 4868 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:05:32.0682 4868 IPBusEnum - ok
00:05:32.0714 4868 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:05:32.0765 4868 IpFilterDriver - ok
00:05:32.0810 4868 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:05:32.0855 4868 iphlpsvc - ok
00:05:32.0892 4868 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:05:32.0910 4868 IPMIDRV - ok
00:05:32.0928 4868 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:05:32.0980 4868 IPNAT - ok
00:05:33.0002 4868 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:05:33.0035 4868 IRENUM - ok
00:05:33.0067 4868 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:05:33.0083 4868 isapnp - ok
00:05:33.0119 4868 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:05:33.0138 4868 iScsiPrt - ok
00:05:33.0151 4868 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:05:33.0166 4868 kbdclass - ok
00:05:33.0197 4868 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:05:33.0215 4868 kbdhid - ok
00:05:33.0232 4868 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:05:33.0254 4868 KeyIso - ok
00:05:33.0334 4868 [ 3D6CB0DB6FE125F622C02DC0249DDE9F ] KMWDSERVICE C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
00:05:33.0365 4868 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
00:05:33.0365 4868 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
00:05:33.0396 4868 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:05:33.0412 4868 KSecDD - ok
00:05:33.0439 4868 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:05:33.0456 4868 KSecPkg - ok
00:05:33.0482 4868 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:05:33.0533 4868 ksthunk - ok
00:05:33.0572 4868 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:05:33.0641 4868 KtmRm - ok
00:05:33.0673 4868 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:05:33.0751 4868 LanmanServer - ok
00:05:33.0789 4868 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:05:33.0854 4868 LanmanWorkstation - ok
00:05:33.0946 4868 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:05:33.0958 4868 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:05:33.0958 4868 LightScribeService - detected UnsignedFile.Multi.Generic (1)
00:05:33.0972 4868 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:05:34.0027 4868 lltdio - ok
00:05:34.0059 4868 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:05:34.0140 4868 lltdsvc - ok
00:05:34.0155 4868 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:05:34.0200 4868 lmhosts - ok
00:05:34.0220 4868 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
00:05:34.0231 4868 LPCFilter - ok
00:05:34.0266 4868 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:05:34.0282 4868 LSI_FC - ok
00:05:34.0295 4868 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:05:34.0312 4868 LSI_SAS - ok
00:05:34.0323 4868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:05:34.0344 4868 LSI_SAS2 - ok
00:05:34.0366 4868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:05:34.0382 4868 LSI_SCSI - ok
00:05:34.0392 4868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:05:34.0449 4868 luafv - ok
00:05:34.0487 4868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:05:34.0519 4868 Mcx2Svc - ok
00:05:34.0540 4868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:05:34.0556 4868 megasas - ok
00:05:34.0573 4868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:05:34.0593 4868 MegaSR - ok
00:05:34.0669 4868 Microsoft SharePoint Workspace Audit Service - ok
00:05:34.0700 4868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:05:34.0779 4868 MMCSS - ok
00:05:34.0804 4868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:05:34.0844 4868 Modem - ok
00:05:34.0850 4868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:05:34.0881 4868 monitor - ok
00:05:34.0908 4868 [ C94A2EA3FDFA5D650884926B710B7DB1 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
00:05:34.0947 4868 motccgp - ok
00:05:34.0978 4868 [ D51E009BAEDA07EBC107D49D224C2414 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
00:05:35.0014 4868 motccgpfl - ok
00:05:35.0046 4868 [ 060F0EF84F430802DF3788F3DCFD009C ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
00:05:35.0095 4868 motmodem - ok
00:05:35.0152 4868 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
00:05:35.0177 4868 MotoHelper - ok
00:05:35.0199 4868 [ EBD05F60CAFC5BBA2602B8D7101082D3 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
00:05:35.0230 4868 MotoSwitchService - ok
00:05:35.0260 4868 [ 87701078C3F720AC7A028E937994CC49 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
00:05:35.0275 4868 Motousbnet - ok
00:05:35.0318 4868 [ D075B1D964A314D240F5498773EE89DF ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
00:05:35.0350 4868 motusbdevice - ok
00:05:35.0373 4868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:05:35.0389 4868 mouclass - ok
00:05:35.0417 4868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:05:35.0445 4868 mouhid - ok
00:05:35.0486 4868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:05:35.0513 4868 mountmgr - ok
00:05:35.0524 4868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:05:35.0541 4868 mpio - ok
00:05:35.0561 4868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:05:35.0615 4868 mpsdrv - ok
00:05:35.0658 4868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:05:35.0757 4868 MpsSvc - ok
00:05:35.0793 4868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:05:35.0831 4868 MRxDAV - ok
00:05:35.0867 4868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:05:35.0904 4868 mrxsmb - ok
00:05:35.0945 4868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:05:35.0977 4868 mrxsmb10 - ok
00:05:36.0000 4868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:05:36.0017 4868 mrxsmb20 - ok
00:05:36.0057 4868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:05:36.0084 4868 msahci - ok
00:05:36.0123 4868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:05:36.0144 4868 msdsm - ok
00:05:36.0176 4868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:05:36.0215 4868 MSDTC - ok
00:05:36.0245 4868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:05:36.0285 4868 Msfs - ok
00:05:36.0302 4868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:05:36.0359 4868 mshidkmdf - ok
00:05:36.0374 4868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:05:36.0388 4868 msisadrv - ok
00:05:36.0425 4868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:05:36.0469 4868 MSiSCSI - ok
00:05:36.0475 4868 msiserver - ok
00:05:36.0499 4868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:05:36.0549 4868 MSKSSRV - ok
00:05:36.0565 4868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:05:36.0616 4868 MSPCLOCK - ok
00:05:36.0622 4868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:05:36.0670 4868 MSPQM - ok
00:05:36.0711 4868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:05:36.0745 4868 MsRPC - ok
00:05:36.0764 4868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:05:36.0780 4868 mssmbios - ok
00:05:36.0786 4868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:05:36.0840 4868 MSTEE - ok
00:05:36.0859 4868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:05:36.0876 4868 MTConfig - ok
00:05:36.0900 4868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:05:36.0916 4868 Mup - ok
00:05:36.0976 4868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:05:37.0076 4868 napagent - ok
00:05:37.0098 4868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:05:37.0141 4868 NativeWifiP - ok
00:05:37.0173 4868 [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
00:05:37.0187 4868 NBVol - ok
00:05:37.0202 4868 [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
00:05:37.0214 4868 NBVolUp - ok
00:05:37.0264 4868 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:05:37.0334 4868 NDIS - ok
00:05:37.0344 4868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:05:37.0385 4868 NdisCap - ok
00:05:37.0398 4868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:05:37.0438 4868 NdisTapi - ok
00:05:37.0474 4868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:05:37.0531 4868 Ndisuio - ok
00:05:37.0567 4868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:05:37.0616 4868 NdisWan - ok
00:05:37.0656 4868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:05:37.0714 4868 NDProxy - ok
00:05:37.0746 4868 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:05:37.0774 4868 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:05:37.0775 4868 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:05:37.0803 4868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:05:37.0855 4868 NetBIOS - ok
00:05:37.0892 4868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:05:37.0933 4868 NetBT - ok
00:05:37.0946 4868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:05:37.0967 4868 Netlogon - ok
00:05:37.0994 4868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:05:38.0068 4868 Netman - ok
00:05:38.0095 4868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:05:38.0171 4868 netprofm - ok
00:05:38.0209 4868 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:05:38.0243 4868 NetTcpPortSharing - ok
00:05:38.0269 4868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:05:38.0285 4868 nfrd960 - ok
00:05:38.0329 4868 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:05:38.0390 4868 NlaSvc - ok
00:05:38.0419 4868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:05:38.0460 4868 Npfs - ok
00:05:38.0484 4868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:05:38.0544 4868 nsi - ok
00:05:38.0559 4868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:05:38.0612 4868 nsiproxy - ok
00:05:38.0685 4868 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:05:38.0759 4868 Ntfs - ok
00:05:38.0780 4868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:05:38.0819 4868 Null - ok
00:05:38.0838 4868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:05:38.0855 4868 nvraid - ok
00:05:38.0890 4868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:05:38.0908 4868 nvstor - ok
00:05:38.0927 4868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:05:38.0944 4868 nv_agp - ok
00:05:38.0979 4868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:05:39.0011 4868 ohci1394 - ok
00:05:39.0082 4868 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:05:39.0105 4868 ose - ok
00:05:39.0303 4868 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:05:39.0477 4868 osppsvc - ok
00:05:39.0529 4868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:05:39.0587 4868 p2pimsvc - ok
00:05:39.0620 4868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:05:39.0659 4868 p2psvc - ok
00:05:39.0690 4868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:05:39.0709 4868 Parport - ok
00:05:39.0742 4868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:05:39.0758 4868 partmgr - ok
00:05:39.0783 4868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:05:39.0822 4868 PcaSvc - ok
00:05:39.0858 4868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:05:39.0877 4868 pci - ok
00:05:39.0894 4868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:05:39.0910 4868 pciide - ok
00:05:39.0926 4868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:05:39.0944 4868 pcmcia - ok
00:05:39.0965 4868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:05:39.0981 4868 pcw - ok
00:05:40.0005 4868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:05:40.0082 4868 PEAUTH - ok
00:05:40.0164 4868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:05:40.0212 4868 PerfHost - ok
00:05:40.0261 4868 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
00:05:40.0274 4868 PGEffect - ok
00:05:40.0340 4868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:05:40.0456 4868 pla - ok
00:05:40.0528 4868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:05:40.0574 4868 PlugPlay - ok
00:05:40.0612 4868 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:05:40.0643 4868 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:05:40.0643 4868 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:05:40.0672 4868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:05:40.0706 4868 PNRPAutoReg - ok
00:05:40.0730 4868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:05:40.0756 4868 PNRPsvc - ok
00:05:40.0794 4868 [ 33328FA8A580885AB0065BE6DB266E9F ] Point64 C:\Windows\system32\DRIVERS\point64.sys
00:05:40.0817 4868 Point64 - ok
00:05:40.0861 4868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:05:40.0929 4868 PolicyAgent - ok
00:05:40.0965 4868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:05:41.0025 4868 Power - ok
00:05:41.0062 4868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:05:41.0135 4868 PptpMiniport - ok
00:05:41.0160 4868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:05:41.0193 4868 Processor - ok
00:05:41.0231 4868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:05:41.0275 4868 ProfSvc - ok
00:05:41.0315 4868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:05:41.0336 4868 ProtectedStorage - ok
00:05:41.0374 4868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:05:41.0424 4868 Psched - ok
00:05:41.0479 4868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:05:41.0564 4868 ql2300 - ok
00:05:41.0592 4868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:05:41.0609 4868 ql40xx - ok
00:05:41.0634 4868 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:05:41.0676 4868 QWAVE - ok
00:05:41.0694 4868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:05:41.0735 4868 QWAVEdrv - ok
00:05:41.0759 4868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:05:41.0798 4868 RasAcd - ok
00:05:41.0826 4868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:05:41.0865 4868 RasAgileVpn - ok
00:05:41.0890 4868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:05:41.0955 4868 RasAuto - ok
00:05:41.0990 4868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:05:42.0047 4868 Rasl2tp - ok
00:05:42.0099 4868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:05:42.0169 4868 RasMan - ok
00:05:42.0194 4868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:05:42.0250 4868 RasPppoe - ok
00:05:42.0269 4868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:05:42.0319 4868 RasSstp - ok
00:05:42.0354 4868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:05:42.0426 4868 rdbss - ok
00:05:51.0445 4868 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:05:51.0459 4868 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
00:05:51.0459 4868 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
00:05:56.0342 4868 ================ Scan global ===============================
00:05:56.0395 4868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:05:56.0435 4868 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:05:56.0457 4868 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:05:56.0492 4868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:05:56.0529 4868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:05:56.0550 4868 [Global] - ok
00:05:56.0550 4868 ================ Scan MBR ==================================
00:05:56.0567 4868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:05:56.0952 4868 \Device\Harddisk0\DR0 - ok
00:05:56.0963 4868 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
00:05:57.0610 4868 \Device\Harddisk1\DR1 - ok
00:05:57.0611 4868 ================ Scan VBR ==================================
00:05:57.0652 4868 [ ED40A603CE9573B1EBA03BDAFD5C87AA ] \Device\Harddisk0\DR0\Partition1
00:05:57.0655 4868 \Device\Harddisk0\DR0\Partition1 - ok
00:05:57.0680 4868 [ 7DE6A292B019852489272EAEDC7A9F00 ] \Device\Harddisk0\DR0\Partition2
00:05:57.0683 4868 \Device\Harddisk0\DR0\Partition2 - ok
00:05:57.0688 4868 [ 1002763E1DED2C9AA4F8388B3926641F ] \Device\Harddisk1\DR1\Partition1
00:05:57.0690 4868 \Device\Harddisk1\DR1\Partition1 - ok
00:05:57.0691 4868 ============================================================
00:05:57.0691 4868 Scan finished
00:05:57.0691 4868 ============================================================
00:05:57.0715 3400 Detected object count: 8
00:05:57.0715 3400 Actual detected object count: 8
00:06:07.0859 3400 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0859 3400 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:06:07.0862 3400 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0862 3400 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:06:07.0865 3400 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0868 3400 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:06:07.0869 3400 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0869 3400 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:06:07.0872 3400 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0872 3400 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:06:07.0874 3400 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0874 3400 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:06:07.0877 3400 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0877 3400 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:06:07.0880 3400 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
00:06:07.0880 3400 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07.05.2013, 23:10   #7
markusg
/// Malware-holic
 

Hi,
Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


07.05.2013, 23:34   #8
Lovemetal
 

Code:
ATTFilter
ComboFix 13-05-07.02 - Valentin 08.05.2013   0:19.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4061.2355 [GMT 2:00]
ausgeführt von:: c:\users\Valentin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DefaultTab
c:\program files (x86)\DefaultTab\DefaultTab.crx
c:\program files (x86)\DefaultTab\DefaultTabSearch.exe
c:\program files (x86)\DefaultTab\uid
C:\RestorPoint
c:\users\Valentin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{14317BE4-D245-46D7-80B6-8A1FE6372312}.xps
c:\users\Valentin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51848B14-665E-416C-AC34-6AD4A8F32AFF}.xps
c:\users\Valentin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{608C77D4-20F0-4873-813B-1EEDA1C2C7D8}.xps
c:\users\Valentin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9E5F64BB-9B18-40C2-B060-D00D249DFD66}.xps
c:\users\Valentin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB5E7FE2-A726-44B4-B6B7-7FB74FD701DB}.xps
c:\users\Valentin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E08F7EB8-74BE-4C0E-80A9-E05462726A38}.xps
c:\users\Valentin\Documents\~WRL1534.tmp
c:\users\Valentin\videos\geek.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-07 bis 2013-05-07  ))))))))))))))))))))))))))))))
.
.
2013-05-07 22:25 . 2013-05-07 22:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-07 14:31 . 2013-05-07 14:30	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-04-25 08:50 . 2013-04-25 08:50	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2013-04-25 08:50 . 2013-04-25 08:50	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2013-04-24 09:22 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 13:56 . 2013-04-23 13:56	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2013-04-23 13:56 . 2013-05-07 20:28	--------	d-----w-	c:\programdata\Spyware Terminator
2013-04-23 13:56 . 2013-04-26 08:03	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2013-04-16 17:07 . 2013-05-07 22:14	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-04-16 17:07 . 2013-05-07 22:14	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2013-04-16 15:29 . 2012-06-22 09:01	22704	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2013-04-16 15:29 . 2013-04-16 15:29	110080	----a-r-	c:\users\Valentin\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
2013-04-16 15:29 . 2013-04-16 15:29	110080	----a-r-	c:\users\Valentin\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
2013-04-16 15:29 . 2013-04-16 15:29	110080	----a-r-	c:\users\Valentin\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
2013-04-16 15:29 . 2013-04-16 15:29	--------	d-----w-	c:\program files\Enigma Software Group
2013-04-16 15:29 . 2013-04-16 17:07	--------	d-----w-	c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-14 19:53 . 2013-04-14 19:53	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-13 11:57 . 2013-04-13 11:57	--------	d-----w-	c:\programdata\Gibraltar
2013-04-13 09:17 . 2013-04-13 09:18	--------	d-----w-	c:\users\Valentin\AppData\Roaming\Swiss Academic Software
2013-04-10 09:34 . 2013-04-10 09:34	--------	d-----w-	c:\users\Valentin\restore
2013-04-10 09:27 . 2013-04-10 11:29	--------	d-----w-	c:\program files (x86)\CEWE COLOR
2013-04-08 11:32 . 2013-04-08 11:32	--------	d-----w-	c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 18:17 . 2009-11-04 15:37	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-07 20:46 . 2013-04-07 20:46	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-07 20:46 . 2013-04-07 20:46	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-07 20:46 . 2013-04-07 20:46	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-02 14:09 . 2013-04-02 14:09	4550656	----a-w-	c:\windows\SysWow64\GPhotos.scr
2013-03-16 10:07 . 2012-08-06 09:32	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 10:07 . 2012-08-06 09:32	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 13:57 . 2013-03-16 09:43	1188864	----a-w-	c:\windows\system32\wininet.dll
2013-02-28 13:57 . 2013-03-16 09:43	1493504	----a-w-	c:\windows\system32\urlmon.dll
2013-02-28 13:57 . 2013-03-16 09:43	134144	----a-w-	c:\windows\system32\url.dll
2013-02-28 13:57 . 2013-03-16 09:44	9061376	----a-w-	c:\windows\system32\mshtml.dll
2013-02-28 13:57 . 2013-03-16 09:43	735744	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-28 13:57 . 2013-03-16 09:43	97792	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-28 13:57 . 2013-03-16 09:44	12296192	----a-w-	c:\windows\system32\ieframe.dll
2013-02-28 13:57 . 2013-03-16 09:43	2458112	----a-w-	c:\windows\system32\iertutil.dll
2013-02-28 13:57 . 2013-03-16 09:43	65024	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-28 13:57 . 2013-03-16 09:43	247808	----a-w-	c:\windows\system32\ieui.dll
2013-02-28 13:37 . 2013-03-16 09:43	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-28 12:03 . 2013-03-16 09:43	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-28 11:38 . 2013-03-16 09:43	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-12 05:45 . 2013-03-16 09:39	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-16 09:39	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-16 09:39	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-16 09:39	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-16 09:39	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-16 09:39	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-23 21:09	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Valentin\AppData\Roaming\loadtbs\toolbar.dll" [2012-08-03 616448]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF15BDA.sys [2009-10-02 514144]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2009-06-29 61696]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R4 Ashampoo Defrag Service;Ashampoo Defrag Service;c:\program files (x86)\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-16 890208]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 54848]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-07 28600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-04-07 86752]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2013-04-23 51496]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-04-07 2795048]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2013-04-03 1149104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CPUZ132
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 10:07]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 13:23]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 13:23]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2159661161-2617930059-3236517351-1000Core.job
- c:\users\Valentin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:42]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2159661161-2617930059-3236517351-1000UA.job
- c:\users\Valentin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:42]
.
2013-05-07 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\program files (x86)\MAGIX\PC_Check_Tuning_2010_Download-Version\MxTray.exe [2010-12-21 08:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000
uInternet Settings,ProxyServer = 46.231.14.49:8080
uSearchAssistant = about:blank
mSearchAssistant = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
BHO-{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - c:\program files (x86)\Softonic_Deutsch\tbSoft.dll
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
Toolbar-{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - c:\program files (x86)\Softonic_Deutsch\tbSoft.dll
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - (no file)
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-08  00:33:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-07 22:33
.
Vor Suchlauf: 11 Verzeichnis(se), 86.887.444.480 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 85.986.017.280 Bytes frei
.
- - End Of File - - 84C6DF239FEDED7FB6CC71947CF6BDF7
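
A triage pass over the ComboFix log above, as an added example (not part of the original thread and not ComboFix's own code): it reads the UAC policy values and the lines listed under "Zusätzlicher Suchlauf" and returns the settings a helper would review, namely switched-off UAC prompts, a start page on a remote host and a proxy that is not a local address. The sample lines are copied from the log; the function names, the rule table and the reading of the `u`/`m` prefixes as per-user/machine-wide are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000
uInternet Settings,ProxyServer = 46.231.14.49:8080
uSearchAssistant = about:blank
mSearchAssistant = about:blank
TCP: DhcpNameServer = 192.168.2.1
'''

# Rule table of this example (hypothetical names): (value name, data) -> reason.
UAC_KEY_SUFFIX = r'\microsoft\windows\currentversion\policies\system'
UAC_RULES = {
    ('EnableLUA', 0): 'UAC (Admin Approval Mode) is switched off',
    ('ConsentPromptBehaviorAdmin', 0): 'administrators are elevated without a prompt',
}

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')
# Assumed reading of the prefixes: u = per-user (HKCU), m = machine-wide (HKLM).
SETTING_RE = re.compile(r'^([um])([A-Za-z][A-Za-z ,]*?) = (.+)$')


def page_host(value):
    """Return the host of an http(s) start page (defanged hxxp accepted), else None."""
    url = re.sub(r'^hxxp', 'http', value.strip(), flags=re.IGNORECASE)
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ('http', 'https') else None


def proxy_hosts(value):
    """Yield the host of each entry in 'host:port' or 'http=host:port;https=...'."""
    for entry in value.split(';'):
        entry = entry.strip().split('=', 1)[-1]
        if entry:
            yield entry.rsplit(':', 1)[0]


def is_local_address(host):
    """True for loopback and private-range addresses and for 'localhost'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == 'localhost'
    return ip.is_loopback or ip.is_private


def triage(log_text, trusted_hosts=()):
    """Return (setting, value, reason) tuples for values that need review."""
    findings = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == '.':  # ComboFix separates blocks with a lone dot
            current_key = ''
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if m:
            reason = UAC_RULES.get((m.group(1), int(m.group(2))))
            if reason and current_key.endswith(UAC_KEY_SUFFIX):
                findings.append((m.group(1), m.group(2), reason))
            continue
        m = SETTING_RE.match(line)
        if not m:
            continue
        scope = 'HKCU' if m.group(1) == 'u' else 'HKLM'
        label, value = m.group(1) + m.group(2), m.group(3).strip()
        if m.group(2) == 'Start Page':
            host = page_host(value)
            if host and host not in trusted_hosts:
                findings.append((label, value, f'{scope} start page is on {host}'))
        elif m.group(2).endswith('ProxyServer'):
            remote = [h for h in proxy_hosts(value) if not is_local_address(h)]
            if remote:
                findings.append((label, value, f'{scope} proxy is {", ".join(remote)}'))
    return findings


if __name__ == '__main__':
    for setting, value, reason in triage(SAMPLE_LOG):
        print(f'{setting:32} {value:24} {reason}')
```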
         

07.05.2013, 23:36   #9
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

08.05.2013, 09:02   #10
Lovemetal

Took a while

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.07.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Valentin :: VALENTIN-TOSH [Administrator]

08.05.2013 00:43:46
mbam-log-2013-05-08 (00-43-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438580
Laufzeit: 1 Stunde(n), 19 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: îÍïßÏÈOˆ*˜rƒr -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Valentin\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 18
C:\Users\Valentin\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Valentin\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

08.05.2013, 12:49   #11
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you do not need, write "unnötig" (unnecessary).
After each one you do not recognise, write "unbekannt" (unknown).
Post the list.

08.05.2013, 18:04   #12
Lovemetal

Code:
Adobe AIR	Adobe Systems Inc.	01.02.2010		1.5.3.9120 notwendig
Adobe Reader 9.4.7 - Deutsch	Adobe Systems Incorporated	04.01.2012	245MB	9.4.7 notwendig
Adobe Reader 9.5.4 - Deutsch	Adobe Systems Incorporated	22.03.2013	119MB	9.5.4 notwendig
Apple Software Update	Apple Inc.	02.11.2011	2,38MB	2.1.3.127 unnötig
Ashampoo Magical Defrag 3 v.3.0.2	Ashampoo GmbH & Co. KG	09.10.2012	37,6MB	3.0.2 notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	17.10.2009	18,2MB	3.0.732.0 unbekannt
Avira Free Antivirus	Avira	07.05.2013	122MB	13.0.0.3640 notwendig
BatteryBar (remove only)		13.12.2011		notwendig
CCleaner	Piriform	23.04.2013		4.01   notwendig
Citavi	Swiss Academic Software	13.04.2013	71,0MB	3.4.0.2   notwendig
Delta	DeltaInstaller	05.02.2013	3,00KB	1.0.0.0    unnötig
Google Chrome	Google Inc.	06.08.2012		26.0.1410.64  notwendig
HP Customer Participation Program 13.0	HP	10.02.2012		13.0    notwendig
HP Document Manager 2.0	HP	10.02.2012		2.0notwendig
HP Imaging Device Functions 13.0	HP	10.02.2012		13.0  notwendig
HP Officejet 4500 G510g-m	HP	10.02.2012		13.0   notwendig
HP Product Detection	HP	08.05.2012	1,86MB	11.14.0001   notwendig
HP Smart Web Printing 4.5	HP	10.02.2012		4.5   notwendig
HP Solution Center 13.0	HP	10.02.2012		13.0    notwendig
HP Update	Hewlett-Packard	06.02.2012	3,98MB	5.003.001.001   notwendig
Iminent Toolbar For Internet Explorer		08.09.2009		unnötig
Intel® Matrix Storage Manager	Intel Corporation	17.10.2009		notwendig
Java(TM) 6 Update 35	Oracle	06.08.2012	95,6MB	6.0.350   notwendig
L&H TTS3000 British English		13.12.2012		notwendig
L&H TTS3000 Deutsch		13.12.2012		notwendig
Lame ACM MP3 Codec		13.12.2012		notwendig
Langenscheidt Vokabeltrainer 6.0 Englisch	Langenscheidt	12.10.2012	1,95GB	6.0.9   notwendig
LightScribe System Software  1.14.25.1	LightScribe	20.01.2011	20,9MB	1.14.25.1 unbekannt
MAGIX PC Check & Tuning 2010 Download-Version 5.0.25.701 (D)	MAGIX AG	21.12.2010		5.0.25.701 notwendig
MAGIX Screenshare	MAGIX AG	21.12.2010		4.3.6.1987       notwendig  
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	08.05.2013	19,2MB	1.75.0.1300  notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	28.10.2010	38,8MB	4.0.30319
Microsoft IntelliPoint 8.1	Microsoft	24.05.2011		8.15.406.0   notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	7,95MB	14.0.5130.5003  notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	18.04.2012	508KB	2.0.4024.1      notwendig
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	10.01.2013	114MB	12.0.6612.1000     notwendig
Microsoft Office Professional Plus 2010	Microsoft Corporation	11.11.2012		14.0.6029.1000        notwendig
Microsoft Office Suite Activation Assistant	Microsoft Corporation	08.09.2009	8,36MB	2.9        notwendig
Microsoft Silverlight		16.03.2013		unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	08.09.2009	1,72MB	3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	16.01.2010	260KB	8.0.50727.4053unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	300KB	8.0.59193unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	17.10.2009	708KB	8.0.61000unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	16.01.2010	212KB	9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	16.01.2010	200KB	9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	08.09.2009	788KB	9.0.30729unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	17.06.2011	788KB	9.0.30729.6161unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	25.09.2012	234KB	9.0.30729unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	25.11.2009	596KB	9.0.30729unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	06.11.2010	594KB	9.0.30729.4148unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	600KB	9.0.30729.6161unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	29.06.2012	13,8MB	10.0.40219unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	16.10.2011	12,2MB	10.0.40219unbekannt
Microsoft Works	Microsoft Corporation	11.10.2012	1,18GB	9.7.0621   notwendig
MobileMe Control Panel		29.04.2011unbekannt		unnötig
Mouse Driver	Driver Builder	10.08.2012	3,41MB	2.0      notwendig
MouseServer Version 1.2.0	Necta Co.	07.10.2012	818KB	1.2.0   notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	26.12.2009	1,27MB	4.20.9870.0   unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.12.2009	1,33MB	4.20.9876.0   unbekannt
Nero Backup Drivers	Nero AG	26.06.2012	94,0KB	1.0.11100.8.0      unnötig
OCR Software by I.R.I.S. 13.0	HP	10.02.2012		13.0  unbekannt
Photomizer		08.09.2009		notwendig
Photomizer Retro SE		08.09.2009		notwendig
Picasa 3	Google, Inc.	21.03.2013		3.9  notwendig
PlayReady PC Runtime amd64	Microsoft Corporation	08.09.2009	2,05MB	1.3.0unbekannt
Preispilot		10.12.2012		unnötig
Realtek 8136 8168 8169 Ethernet Driver	Realtek	08.09.2009		1.00.0005unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	17.10.2009		6.0.1.5904unbekannt
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	17.10.2009		6.1.7600.30101unbekannt
Realtek WLAN Driver		17.10.2009	unbekannt	
Shop for HP Supplies	HP	10.02.2012		13.0 unnötig
Skype™ 6.3	Skype Technologies S.A.	14.04.2013	21,1MB	6.3.105  notwendig
Spyware Terminator 2012	Crawler.com	08.05.2013	19,7MB	3.0.0.82   unnötig
SweetIM for Messenger 3.3		28.08.2011	unnötig	
SweetIM Toolbar for Internet Explorer 4.0		28.08.2011 unnötig		
Synaptics Pointing Device Driver	Synaptics Incorporated	17.10.2009		13.2.6.1unbekannt
TomTom HOME Visual Studio Merge Modules		08.09.2009	unnötig	
Toshiba Assist	TOSHIBA	08.09.2009		3.00.09   notwendig
TOSHIBA Bulletin Board	TOSHIBA Corporation	17.10.2009		1.0.04.64notwendig
TOSHIBA ConfigFree	TOSHIBA Corporation	17.10.2009	67,5MB	8.0.21notwendig
TOSHIBA Disc Creator	TOSHIBA Corporation	08.09.2009	10,2MB	2.1.0.1 for x64notwendig
TOSHIBA DVD PLAYER	TOSHIBA Corporation	17.10.2009		3.01.0.07-Anotwendig
TOSHIBA eco Utility	TOSHIBA Corporation	17.10.2009	6,93MB	1.1.10.64notwendig
TOSHIBA Extended Tiles for Windows Mobility Center		17.10.2009		notwendig
TOSHIBA Face Recognition	TOSHIBA Corporation	17.10.2009		3.1.1.64notwendig
TOSHIBA Flash Cards Support Utility	TOSHIBA CORPORATION	14.02.2011	20,0KB	1.63.0.4Cnotwendig
TOSHIBA Hardware Setup	TOSHIBA CORPORATION	08.09.2009	7,89MB	1.63.0.11Cnotwendig
TOSHIBA HDD/SSD Alert	TOSHIBA Corporation	08.09.2009	38,0MB	3.1.64.0notwendig
Toshiba Manuals	TOSHIBA	08.09.2009		10.00notwendig
TOSHIBA PC Health Monitor	TOSHIBA Corporation	17.10.2009	27,4MB	1.4.1.64notwendig
Toshiba Photo Service - powered by myphotobook	myphotobook GmbH	08.09.2009		1.0.0-663 notwendig
TOSHIBA Recovery Media Creator	TOSHIBA Corporation	08.09.2009	2,98MB	2.1.0.2 for x64notwendig
TOSHIBA Recovery Media Creator Reminder	TOSHIBA	08.09.2009	460KB	1.00.0019notwendig
TOSHIBA ReelTime	TOSHIBA Corporation	17.10.2009		1.0.04.64notwendig
TOSHIBA SD Memory Utilities	TOSHIBA	17.10.2009	9,16MB	1.9.1.12notwendig
TOSHIBA Service Station	TOSHIBA	17.10.2009		2.1.33notwendig
TOSHIBA Supervisorkennwort	TOSHIBA CORPORATION	08.09.2009	1,94MB	1.63.0.7Cnotwendig
Toshiba TEMPRO	Toshiba Europe GmbH	08.09.2009	10,7MB	3.05notwendig
TOSHIBA TEMPRO	Toshiba Europe GmbH	22.12.2012	11,3MB	3.35notwendig
TOSHIBA Value Added Package	TOSHIBA Corporation	14.02.2011	94,5MB	1.2.34.64 notwendig
TOSHIBA Web Camera Application	TOSHIBA Corporation	17.10.2009		1.1.1.4 notwendig
TRORMCLauncher		17.10.2009		notwendig
Verbindungsassistent	Verbindungsassistent	15.11.2012		2.1 unnötig
Windows Live Anmelde-Assistent	Microsoft Corporation	08.09.2009	1,93MB	5.000.818.5 unbekannt 
Windows Live Essentials	Microsoft Corporation	08.09.2009		14.0.8089.0726 unbekannt
Windows Live Sync	Microsoft Corporation	08.09.2009	2,79MB	14.0.8089.726unbekannt
Windows Live-Uploadtool	Microsoft Corporation	08.09.2009	224KB	14.0.8014.1029unbekannt
Windows Media Player Firefox Plugin	Microsoft Corp	02.11.2011	336KB	1.0.0.8 unnötig
WinRAR		25.11.2009		notwendig
         

08.05.2013, 18:20   #13
markusg
/// Malware-holic

Uninstall:
Adobe Reader, both versions
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick "Enhanced Security"
and select all files.
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the "use JavaScript" box.
Under Updater, choose "install automatically".
Apply / OK

Uninstall:

Apple
Delta
Iminent
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
Nero
Preispilot
Shop
Spyware Terminator
SweetIM: all
TomTom
Verbindungsassistent
Windows Live: all those you do not use

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de

08.05.2013, 18:54   #14
Lovemetal


When I tried to uninstall Iminent for Internet Explorer, the following message appeared:
Quote:
the feature you are trying to use is on a cd-rom or other removable disk that is not available
That's nonsense, isn't it!?

08.05.2013, 18:57   #15
markusg
/// Malware-holic

Carry on with the rest, then we will get rid of that with AdwCleaner.
