
Log analysis and evaluation: Strange mouse behavior


26.05.2013, 14:56   #1
klausc127

Hello,
my computer shows the following symptoms: Windows Aero: when I move the mouse over the small windows of the open programs in the taskbar, the corresponding preview window is activated briefly and disappears again right away. Sometimes pull-down menus cannot be opened. Sometimes it seems as if keyboard or mouse input is getting lost.
In the game Mahjong Titans, a tile is cyclically activated/deactivated, as if I were moving the mouse over it and off it again.
Sometimes the computer cannot be shut down.
I have also just noticed that when I move the mouse over the icons at the top of the text input here, the tooltip appears very briefly and disappears again.
About 3 weeks ago I picked up delta-search, and yesterday I removed it with Avast Browser Cleanup following the Chip-online guide. That did not affect the symptoms.
Firefox, however, looks different than before and reports that the version is not up to date, although it is.
Unfortunately, I only came across the Trojaner-Board afterwards.
Avast Antivirus and Malwarebytes show no errors.
I followed the guide "For everyone seeking help! What do I need to consider before opening a thread?"; the files are attached, but OTL did not create an Extra.
Thanks in advance for any help
Klaus

26.05.2013, 18:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

27.05.2013, 08:48   #3
klausc127

Hello Cosinus,
thank you very much for your willingness to help me.
From Avast I have the contents of the container. Unfortunately the text cannot be copied, so it is attached as the screenshot Avast.png. If necessary, I can still type the data out.
Logs from Avast:
Quick scan 22.5.13 no virus found
Quick scan 23.5.13 no virus found
Full scan 22.5.13 some files could not be scanned
>>those were
C:\Users\Klaus\AppData\Local\Microsoft\Outlook\archive.pst Fehler: der Prozess kann nicht auf die Daten zugreifen...
C:\Users\Klaus\AppData\Local\Microsoft\Outlook\outlook.pst Fehler: der Prozess kann nicht auf die Daten zugreifen...
I had Outlook open at the time
Malwarebytes
Code:
 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Klaus :: USER-TOSH [limited]

Protection: Enabled

26.05.2013 09:43:58
mbam-log-2013-05-26 (09-43-58).txt

Scan type: Full scan (C:\|F:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 433843
Time elapsed: 25 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
C:\ProgramData\Malwarebytes..\Logs\protection-log-2013-05-26.txt
Code:
2013/05/26 13:59:40 +0200	USER-TOSH	Klaus	MESSAGE	Starting protection
2013/05/26 13:59:40 +0200	USER-TOSH	Klaus	MESSAGE	Protection started successfully
2013/05/26 13:59:40 +0200	USER-TOSH	Klaus	MESSAGE	Starting IP protection
2013/05/26 13:59:48 +0200	USER-TOSH	Klaus	MESSAGE	IP Protection started successfully
2013/05/26 14:56:51 +0200	USER-TOSH	(null)	MESSAGE	Starting protection
2013/05/26 14:56:51 +0200	USER-TOSH	(null)	MESSAGE	Protection started successfully
2013/05/26 14:56:51 +0200	USER-TOSH	(null)	MESSAGE	Starting IP protection
2013/05/26 14:56:54 +0200	USER-TOSH	(null)	MESSAGE	IP Protection started successfully
2013/05/26 18:52:22 +0200	USER-TOSH	Klaus	MESSAGE	Starting protection
2013/05/26 18:52:22 +0200	USER-TOSH	Klaus	MESSAGE	Protection started successfully
2013/05/26 18:52:22 +0200	USER-TOSH	Klaus	MESSAGE	Starting IP protection
2013/05/26 18:52:25 +0200	USER-TOSH	Klaus	MESSAGE	IP Protection started successfully
         
I also have log files like these from earlier; they all have the same or similar content.
The quarantine is empty.

So, that's it for now.
Regards
Klaus
__________________
Attached images
File type: jpg Avast.jpg (109.5 KB, viewed 135 times)

27.05.2013, 08:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Has Malwarebytes never found anything before?
__________________
Please always post log files in CODE tags

27.05.2013, 13:20   #5
klausc127

Hello Cosinus,
Malwarebytes did find something once; as far as I remember, it was a file in Downloads, with pdfcreator. Unfortunately I deleted it. Sorry, that was stupid of me.
It should still be in my backups, though (Paragon Backup & Recovery and Windows image, everything is on an external USB disk).
I could scan them if you think that makes sense. (With what and how?)
Regards
Klaus


27.05.2013, 16:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post in the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the tools you were asked to run, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your thread being closed. I, too, have a life outside the Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed it!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that then, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


28.05.2013, 08:31   #7
klausc127

Hello Cosinus,
I disabled avast and defender and then started combofix. Then this message appeared:
'Versuche Wiederherstellungspunkt zu erstellen'
I understood that as a request and therefore started the Control Panel and clicked my way to the 'Backup and Restore' window. Then I noticed that this was not expected at all and did nothing further, not even closing the window. Up to that point Combofix had not yet finished stage 1, or had just finished it(?).
The computer's behavior has changed: I can now click on the small windows of open programs in the taskbar and the program is displayed right away. The other symptoms are still there.
New symptom: To adjust the screens (built-in and external): right-click on the desktop > Graphics Properties leads to the message:
'C:\windows\system32\gfxUI.exe Ein an das System angeschlossenes Gerät funktioniert nicht'
A new folder was created:
C:\Qoobox

Here are the combofix results:
[CODE]
Combofix Logfile:
Code:
ComboFix 13-05-27.02 - user 28.05.2013   8:05.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3997.1715 [GMT 2:00]
ausgeführt von:: c:\users\Klaus\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\test.txt
c:\users\Klaus\Documents\~WRL2348.tmp
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\MSMAsk32.ocx
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-28  ))))))))))))))))))))))))))))))
.
.
2013-05-28 06:17 . 2013-05-28 06:17	--------	d-----w-	c:\users\user\AppData\Local\temp
2013-05-28 06:17 . 2013-05-28 06:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-28 05:59 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A3F8352-BA9E-44C6-B62A-9842F83EEF3F}\mpengine.dll
2013-05-26 07:41 . 2013-05-26 07:41	--------	d-----w-	c:\users\Klaus\AppData\Roaming\Malwarebytes
2013-05-25 10:02 . 2013-05-11 22:27	262552	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-25 07:51 . 2013-05-25 07:51	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-05-22 13:41 . 2013-05-22 13:41	--------	d-----w-	c:\users\user\AppData\Roaming\Malwarebytes
2013-05-22 13:41 . 2013-05-22 13:41	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-22 13:41 . 2013-05-22 13:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-22 13:41 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-16 06:42 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 06:42 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 06:42 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-16 06:42 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-16 06:42 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-16 06:42 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-16 06:42 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-16 06:42 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-16 06:42 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-16 06:42 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-16 06:42 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-13 14:01 . 2013-05-13 14:01	--------	d-----w-	c:\programdata\scripts
2013-05-03 14:04 . 2013-05-03 14:03	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-03 14:04 . 2013-05-03 14:03	311200	----a-w-	c:\windows\system32\javaws.exe
2013-05-03 14:04 . 2013-05-03 14:03	1092512	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-05-03 14:03 . 2013-05-03 14:03	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-03 14:03 . 2013-05-03 14:03	188832	----a-w-	c:\windows\system32\javaw.exe
2013-05-03 14:03 . 2013-05-03 14:03	188320	----a-w-	c:\windows\system32\java.exe
2013-05-03 14:03 . 2013-05-03 14:03	--------	d-----w-	c:\program files\Java
2013-05-03 11:34 . 2013-05-13 12:52	--------	d-----w-	c:\users\Klaus\.android
2013-05-03 11:34 . 2013-05-03 11:34	--------	d-----w-	c:\users\Klaus\AppData\Local\Android
2013-04-28 10:30 . 2013-04-28 10:30	--------	d-----w-	c:\users\Klaus\Neuer Ordner (2)
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 20:57 . 2012-01-05 08:58	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 06:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 06:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 06:42	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 06:42	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 06:42	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 06:42	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:16	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-06 07:56 . 2013-04-06 07:56	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-06 07:56 . 2013-04-06 07:56	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-06 07:56 . 2013-04-06 07:56	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-06 07:56 . 2013-04-06 07:56	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-06 07:56 . 2013-04-06 07:56	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-06 07:56 . 2013-04-06 07:56	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-06 07:56 . 2013-04-06 07:56	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-06 07:56 . 2013-04-06 07:56	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-06 07:56 . 2013-04-06 07:56	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-06 07:56 . 2013-04-06 07:56	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-06 07:56 . 2013-04-06 07:56	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-06 07:56 . 2013-04-06 07:56	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-06 07:56 . 2013-04-06 07:56	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-06 07:56 . 2013-04-06 07:56	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-06 07:56 . 2013-04-06 07:56	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-06 07:56 . 2013-04-06 07:56	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-06 07:56 . 2013-04-06 07:56	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-06 07:56 . 2013-04-06 07:56	441856	----a-w-	c:\windows\system32\html.iec
2013-04-06 07:56 . 2013-04-06 07:56	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-06 07:56 . 2013-04-06 07:56	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-06 07:56 . 2013-04-06 07:56	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-06 07:56 . 2013-04-06 07:56	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-06 07:56 . 2013-04-06 07:56	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-06 07:56 . 2013-04-06 07:56	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-06 07:56 . 2013-04-06 07:56	235008	----a-w-	c:\windows\system32\url.dll
2013-04-06 07:56 . 2013-04-06 07:56	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-06 07:56 . 2013-04-06 07:56	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-06 07:56 . 2013-04-06 07:56	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-06 07:56 . 2013-04-06 07:56	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-06 07:56 . 2013-04-06 07:56	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-06 07:56 . 2013-04-06 07:56	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-06 07:56 . 2013-04-06 07:56	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-06 07:56 . 2013-04-06 07:56	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-06 07:56 . 2013-04-06 07:56	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-06 07:56 . 2013-04-06 07:56	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-06 07:56 . 2013-04-06 07:56	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-06 07:56 . 2013-04-06 07:56	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-06 07:56 . 2013-04-06 07:56	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-06 07:56 . 2013-04-06 07:56	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-06 07:56 . 2013-04-06 07:56	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-06 07:56 . 2013-04-06 07:56	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-06 07:56 . 2013-04-06 07:56	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-06 07:56 . 2013-04-06 07:56	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-06 07:56 . 2013-04-06 07:56	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-06 07:56 . 2013-04-06 07:56	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-06 07:56 . 2013-04-06 07:56	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-06 07:56 . 2013-04-06 07:56	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-06 07:56 . 2013-04-06 07:56	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-06 07:56 . 2013-04-06 07:56	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-06 07:55 . 2013-04-06 07:55	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-06 07:55 . 2013-04-06 07:55	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-06 07:55 . 2013-04-06 07:55	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-06 07:55 . 2013-04-06 07:55	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-06 07:55 . 2013-04-06 07:55	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-06 07:55 . 2013-04-06 07:55	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-06 07:55 . 2013-04-06 07:55	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-06 07:55 . 2013-04-06 07:55	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-06 07:55 . 2013-04-06 07:55	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-06 07:55 . 2013-04-06 07:55	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-06 07:55 . 2013-04-06 07:55	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-06 07:55 . 2013-04-06 07:55	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-06 07:55 . 2013-04-06 07:55	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-06 07:55 . 2013-04-06 07:55	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-06 07:55 . 2013-04-06 07:55	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-06 07:55 . 2013-04-06 07:55	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-06 07:55 . 2013-04-06 07:55	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-06 07:55 . 2013-04-06 07:55	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-06 07:55 . 2013-04-06 07:55	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-06 07:55 . 2013-04-06 07:55	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-06 07:55 . 2013-04-06 07:55	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-06 07:55 . 2013-04-06 07:55	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-04-06 07:55 . 2013-04-06 07:55	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-04-06 07:55 . 2013-04-06 07:55	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-04-06 07:55 . 2013-04-06 07:55	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-04-06 07:55 . 2013-04-06 07:55	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-04-06 07:55 . 2013-04-06 07:55	1643520	----a-w-	c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" [2011-05-16 846936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-06-01 506712]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-11-08 898952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
c:\users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\users\user\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe [N/A]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 aswVmm;aswVmm; [x]
R3 BioNTDrv;BioNTDrv;c:\program files (x86)\Paragon Software\Backup and Recovery 2012 Free\program\BioNTDrv.SYS [2011-11-17 20784]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]
R3 dfu;dfu;c:\windows\system32\drivers\MassDfu64.sys [2011-12-12 15360]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-10 17408]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-01-11 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-01-11 12384]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe [2008-11-04 68760]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-29 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-04-10 13936]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]
S2 hhdserhelp;HHD Software Serial Monitoring Helper Driver;c:\windows\system32\drivers\hhdserhelp.sys [2011-08-16 20776]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\system32\irstrtsv.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-07-21 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-08-23 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-19 423536]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-19 423536]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-04-10 206960]
S3 hhdserial64;HHD Software Serial Monitoring Filter Driver;c:\windows\system32\DRIVERS\hhdserial64.sys [2011-08-16 42280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-28 92672]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-28 209408]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-08-10 833464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-25 12:58	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-28 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-05-18 12:24]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:40]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 20:40]
.
2013-05-27 c:\windows\Tasks\Paragon Archive name arc_260313104821816.job
- c:\program files (x86)\Paragon Software\Backup and Recovery 2012 Free\program\scripts.exe [2011-11-17 14:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 17:50	76040	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-10 12856936]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-10-16 150992]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www2.delta-search.com/?affID=119677&babsrc=HP_ss&mntrId=765988532E772D39
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{33822A57-F00C-4F8D-BC78-8B65AE4DDCDC}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f80273e8.default\
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 7659b24500000000000088532e772d39
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15819
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:37
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Klaus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Klaus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Klaus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Klaus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-BatteryManager - c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-28  08:41:41
ComboFix-quarantined-files.txt  2013-05-28 06:41
.
Vor Suchlauf: 20 Verzeichnis(se), 24.070.963.200 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 25.055.199.232 Bytes frei
.
- - End Of File - - 31F509542C9BADE00EB648CF77F7640F
         
--- --- ---

28.05.2013, 09:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.
__________________
Please always post log files in CODE tags

28.05.2013, 12:55   #9
klausc127

Hello Cosinus,
Malwarebytes run. No errors found. Clean cannot be clicked.
aswMBR: loaded, avast and Defender disabled, aswMBR started with SCAN:
a lot scrolls through in the window, then a message appears that avast had to be terminated.
Did not go on to run TDSSKiller.
Log from Malwarebytes:
Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 4190683136, free: 1379987456

Downloaded database version: v2013.05.28.02
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     05/28/2013 13:26:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\uim_vimx64.sys
\SystemRoot\System32\Drivers\Uim_IMx64.sys
\SystemRoot\System32\Drivers\UimFIO.SYS
\SystemRoot\system32\DRIVERS\uimx64.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\??\C:\windows\system32\drivers\VMkbd.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\tosrfec.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\drivers\windrvr6.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\system32\DRIVERS\hhdserial64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\ftdibus.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\windows\system32\drivers\hcmon.sys
\??\C:\windows\system32\drivers\vmx86.sys
\??\C:\windows\system32\drivers\hhdserhelp.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\windows\system32\drivers\vmnetuserif.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\Drivers\PROCEXP113.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\iertutil.dll
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\sechost.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80068d4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa800567d050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80068d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80068d4b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80068d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800567cb20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800567d050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 38A0D742

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 203302912

    Partition 2 type is Other (0x84)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206376960  Numsec = 16777216

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 223154176  Numsec = 26914816

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
         
Regards,
Klaus

28.05.2013, 13:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Wrong log from MBAR

28.05.2013, 13:49   #11
klausc127

I hope this is the right one, sorry.
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
user :: USER-TOSH [administrator]

28.05.2013 13:26:44
mbar-log-2013-05-28 (13-26-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 276846
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

28.05.2013, 13:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, then TDSSKiller next, please

28.05.2013, 14:49   #13
klausc127

TDSSKiller:
Code:
ATTFilter
15:38:58.0703 4044  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:38:58.0968 4044  ============================================================
15:38:58.0968 4044  Current date / time: 2013/05/28 15:38:58.0968
15:38:58.0968 4044  SystemInfo:
15:38:58.0968 4044  
15:38:58.0968 4044  OS Version: 6.1.7601 ServicePack: 1.0
15:38:58.0968 4044  Product type: Workstation
15:38:58.0968 4044  ComputerName: USER-TOSH
15:38:58.0968 4044  UserName: user
15:38:58.0968 4044  Windows directory: C:\windows
15:38:58.0968 4044  System windows directory: C:\windows
15:38:58.0968 4044  Running under WOW64
15:38:58.0968 4044  Processor architecture: Intel x64
15:38:58.0968 4044  Number of processors: 4
15:38:58.0968 4044  Page size: 0x1000
15:38:58.0968 4044  Boot type: Normal boot
15:38:58.0968 4044  ============================================================
15:38:59.0265 4044  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:38:59.0265 4044  ============================================================
15:38:59.0265 4044  \Device\Harddisk0\DR0:
15:38:59.0265 4044  MBR partitions:
15:38:59.0265 4044  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC1E2800
15:38:59.0265 4044  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD4D1000, BlocksNum 0x19AB000
15:38:59.0265 4044  ============================================================
15:38:59.0265 4044  C: <-> \Device\Harddisk0\DR0\Partition1
15:38:59.0265 4044  F: <-> \Device\Harddisk0\DR0\Partition2
15:38:59.0265 4044  ============================================================
15:38:59.0265 4044  Initialize success
15:38:59.0265 4044  ============================================================
15:42:37.0649 5484  ============================================================
15:42:37.0649 5484  Scan started
15:42:37.0649 5484  Mode: Manual; SigCheck; TDLFS; 
15:42:37.0649 5484  ============================================================
15:42:37.0742 5484  ================ Scan system memory ========================
15:42:37.0742 5484  System memory - ok
15:42:37.0742 5484  ================ Scan services =============================
15:42:37.0789 5484  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
15:42:37.0898 5484  1394ohci - ok
15:42:37.0898 5484  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
15:42:37.0929 5484  ACPI - ok
15:42:37.0929 5484  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
15:42:37.0961 5484  AcpiPmi - ok
15:42:37.0961 5484  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:42:37.0976 5484  AdobeARMservice - ok
15:42:37.0992 5484  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
15:42:38.0007 5484  adp94xx - ok
15:42:38.0023 5484  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
15:42:38.0039 5484  adpahci - ok
15:42:38.0039 5484  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
15:42:38.0054 5484  adpu320 - ok
15:42:38.0070 5484  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
15:42:38.0117 5484  AeLookupSvc - ok
15:42:38.0132 5484  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
15:42:38.0148 5484  AFD - ok
15:42:38.0163 5484  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
15:42:38.0179 5484  agp440 - ok
15:42:38.0179 5484  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
15:42:38.0195 5484  ALG - ok
15:42:38.0195 5484  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
15:42:38.0210 5484  aliide - ok
15:42:38.0226 5484  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
15:42:38.0226 5484  amdide - ok
15:42:38.0241 5484  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
15:42:38.0257 5484  AmdK8 - ok
15:42:38.0257 5484  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
15:42:38.0273 5484  AmdPPM - ok
15:42:38.0273 5484  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
15:42:38.0288 5484  amdsata - ok
15:42:38.0288 5484  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
15:42:38.0304 5484  amdsbs - ok
15:42:38.0304 5484  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
15:42:38.0319 5484  amdxata - ok
15:42:38.0319 5484  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
15:42:38.0397 5484  AppID - ok
15:42:38.0397 5484  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
15:42:38.0429 5484  AppIDSvc - ok
15:42:38.0444 5484  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
15:42:38.0460 5484  Appinfo - ok
15:42:38.0460 5484  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
15:42:38.0475 5484  arc - ok
15:42:38.0475 5484  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
15:42:38.0491 5484  arcsas - ok
15:42:38.0507 5484  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:42:38.0522 5484  aspnet_state - ok
15:42:38.0522 5484  [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys
15:42:38.0553 5484  aswFsBlk - ok
15:42:38.0553 5484  [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
15:42:38.0569 5484  aswMonFlt - ok
15:42:38.0569 5484  [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys
15:42:38.0585 5484  aswRdr - ok
15:42:38.0585 5484  [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
15:42:38.0600 5484  aswRvrt - ok
15:42:38.0616 5484  [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
15:42:38.0647 5484  aswSnx - ok
15:42:38.0647 5484  [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP           C:\windows\system32\drivers\aswSP.sys
15:42:38.0678 5484  aswSP - ok
15:42:38.0678 5484  [ D62C10D1829C65115111C160EA956260 ] aswTdi          C:\windows\system32\drivers\aswTdi.sys
15:42:38.0694 5484  aswTdi - ok
15:42:38.0694 5484  [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
15:42:38.0709 5484  aswVmm - ok
15:42:38.0725 5484  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
15:42:38.0756 5484  AsyncMac - ok
15:42:38.0756 5484  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
15:42:38.0772 5484  atapi - ok
15:42:38.0787 5484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:42:38.0819 5484  AudioEndpointBuilder - ok
15:42:38.0834 5484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
15:42:38.0881 5484  AudioSrv - ok
15:42:38.0881 5484  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:42:38.0897 5484  avast! Antivirus - ok
15:42:38.0897 5484  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
15:42:38.0928 5484  AxInstSV - ok
15:42:38.0928 5484  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
15:42:38.0943 5484  b06bdrv - ok
15:42:38.0959 5484  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
15:42:38.0975 5484  b57nd60a - ok
15:42:38.0990 5484  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
15:42:39.0006 5484  BBSvc - ok
15:42:39.0006 5484  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
15:42:39.0021 5484  BBUpdate - ok
15:42:39.0021 5484  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
15:42:39.0037 5484  BDESVC - ok
15:42:39.0053 5484  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
15:42:39.0084 5484  Beep - ok
15:42:39.0099 5484  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
15:42:39.0162 5484  BFE - ok
15:42:39.0162 5484  [ 16CD537F0B237E9C92D131E6445200B9 ] BioNTDrv        C:\Program Files (x86)\Paragon Software\Backup and Recovery 2012 Free\program\BioNTDrv.SYS
15:42:39.0177 5484  BioNTDrv - ok
15:42:39.0193 5484  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\system32\qmgr.dll
15:42:39.0255 5484  BITS - ok
15:42:39.0255 5484  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
15:42:39.0271 5484  blbdrive - ok
15:42:39.0302 5484  [ 7091E0EA045A50952C57EB309B9CEA62 ] bmdrvr          C:\windows\syswow64\drivers\bmdrvr.sys
15:42:39.0318 5484  bmdrvr - ok
15:42:39.0318 5484  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
15:42:39.0333 5484  bowser - ok
15:42:39.0333 5484  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
15:42:39.0349 5484  BrFiltLo - ok
15:42:39.0349 5484  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
15:42:39.0365 5484  BrFiltUp - ok
15:42:39.0365 5484  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
15:42:39.0411 5484  BridgeMP - ok
15:42:39.0411 5484  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
15:42:39.0427 5484  Browser - ok
15:42:39.0443 5484  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
15:42:39.0458 5484  Brserid - ok
15:42:39.0458 5484  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
15:42:39.0474 5484  BrSerWdm - ok
15:42:39.0474 5484  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
15:42:39.0489 5484  BrUsbMdm - ok
15:42:39.0505 5484  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
15:42:39.0505 5484  BrUsbSer - ok
15:42:39.0521 5484  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
15:42:39.0536 5484  BTHMODEM - ok
15:42:39.0536 5484  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
15:42:39.0567 5484  bthserv - ok
15:42:39.0583 5484  catchme - ok
15:42:39.0583 5484  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
15:42:39.0630 5484  cdfs - ok
15:42:39.0630 5484  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
15:42:39.0645 5484  cdrom - ok
15:42:39.0645 5484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
15:42:39.0692 5484  CertPropSvc - ok
15:42:39.0692 5484  [ B641F0302D444EB94509CFD998CF9FD8 ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
15:42:39.0708 5484  cfWiMAXService - ok
15:42:39.0723 5484  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
15:42:39.0739 5484  circlass - ok
15:42:39.0755 5484  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
15:42:39.0770 5484  CLFS - ok
15:42:39.0770 5484  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:42:39.0786 5484  clr_optimization_v2.0.50727_32 - ok
15:42:39.0786 5484  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:42:39.0801 5484  clr_optimization_v2.0.50727_64 - ok
15:42:39.0817 5484  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:42:39.0817 5484  clr_optimization_v4.0.30319_32 - ok
15:42:39.0833 5484  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:42:39.0848 5484  clr_optimization_v4.0.30319_64 - ok
15:42:39.0848 5484  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
15:42:39.0864 5484  CmBatt - ok
15:42:39.0864 5484  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
15:42:39.0879 5484  cmdide - ok
15:42:39.0879 5484  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
15:42:39.0911 5484  CNG - ok
15:42:39.0911 5484  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
15:42:39.0926 5484  Compbatt - ok
15:42:39.0926 5484  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
15:42:39.0957 5484  CompositeBus - ok
15:42:39.0957 5484  COMSysApp - ok
15:42:39.0957 5484  [ 1263760C5F62674934C709C3EC31869D ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
15:42:39.0973 5484  ConfigFree Service - ok
15:42:39.0973 5484  [ 8F5B84350BFC4FE3A65D921B4BD0E737 ] cpuz135         C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys
15:42:39.0989 5484  cpuz135 - ok
15:42:40.0004 5484  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
15:42:40.0004 5484  crcdisk - ok
15:42:40.0020 5484  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
15:42:40.0035 5484  CryptSvc - ok
15:42:40.0051 5484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
15:42:40.0113 5484  DcomLaunch - ok
15:42:40.0129 5484  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
15:42:40.0160 5484  defragsvc - ok
15:42:40.0176 5484  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
15:42:40.0207 5484  DfsC - ok
15:42:40.0223 5484  [ 40D6A76CA084F22847409F87982CC82C ] dfu             C:\windows\system32\drivers\MassDfu64.sys
15:42:40.0238 5484  dfu - ok
15:42:40.0238 5484  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
15:42:40.0254 5484  Dhcp - ok
15:42:40.0269 5484  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
15:42:40.0301 5484  discache - ok
15:42:40.0301 5484  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
15:42:40.0316 5484  Disk - ok
15:42:40.0441 5484  [ 214CF29D013B96B8AAA0C31682349D92 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
15:42:40.0644 5484  DisplayLinkService - ok
15:42:40.0659 5484  [ 1FAE14F2CB2F1C1CBDBC17EFB63D5845 ] DisplayLinkUsbPort C:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
15:42:40.0675 5484  DisplayLinkUsbPort - ok
15:42:40.0691 5484  [ 5D5B9E1E45B1EB727EFEAB0F44C7E4EF ] dlkmd           C:\windows\system32\drivers\dlkmd.sys
15:42:40.0691 5484  dlkmd - ok
15:42:40.0706 5484  [ B701A03D4C256A288D89D615E139CB7C ] dlkmdldr        C:\windows\system32\drivers\dlkmdldr.sys
15:42:40.0706 5484  dlkmdldr - ok
15:42:40.0722 5484  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
15:42:40.0737 5484  Dnscache - ok
15:42:40.0737 5484  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
15:42:40.0784 5484  dot3svc - ok
15:42:40.0784 5484  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
15:42:40.0831 5484  DPS - ok
15:42:40.0831 5484  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
15:42:40.0847 5484  drmkaud - ok
15:42:40.0862 5484  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
15:42:40.0893 5484  DXGKrnl - ok
15:42:40.0909 5484  [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress      C:\windows\system32\DRIVERS\e1c62x64.sys
15:42:40.0925 5484  e1cexpress - ok
15:42:40.0925 5484  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
15:42:40.0971 5484  EapHost - ok
15:42:41.0003 5484  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
15:42:41.0081 5484  ebdrv - ok
15:42:41.0081 5484  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
15:42:41.0112 5484  EFS - ok
15:42:41.0112 5484  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
15:42:41.0143 5484  elxstor - ok
15:42:41.0143 5484  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
15:42:41.0159 5484  ErrDev - ok
15:42:41.0174 5484  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
15:42:41.0221 5484  EventSystem - ok
15:42:41.0252 5484  [ 57E61DC4F7980D57C0B162FC5B9F0B38 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:42:41.0283 5484  EvtEng - ok
15:42:41.0299 5484  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
15:42:41.0330 5484  exfat - ok
15:42:41.0346 5484  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
15:42:41.0377 5484  fastfat - ok
15:42:41.0393 5484  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
15:42:41.0424 5484  Fax - ok
15:42:41.0424 5484  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
15:42:41.0439 5484  fdc - ok
15:42:41.0439 5484  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
15:42:41.0486 5484  fdPHost - ok
15:42:41.0486 5484  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
15:42:41.0517 5484  FDResPub - ok
15:42:41.0533 5484  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
15:42:41.0533 5484  FileInfo - ok
15:42:41.0549 5484  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
15:42:41.0580 5484  Filetrace - ok
15:42:41.0580 5484  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
15:42:41.0595 5484  flpydisk - ok
15:42:41.0595 5484  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
15:42:41.0627 5484  FltMgr - ok
15:42:41.0642 5484  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
15:42:41.0673 5484  FontCache - ok
15:42:41.0673 5484  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:42:41.0689 5484  FontCache3.0.0.0 - ok
15:42:41.0689 5484  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
15:42:41.0705 5484  FsDepends - ok
15:42:41.0705 5484  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
15:42:41.0720 5484  Fs_Rec - ok
15:42:41.0720 5484  [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS         C:\windows\system32\drivers\ftdibus.sys
15:42:41.0736 5484  FTDIBUS - ok
15:42:41.0736 5484  [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K         C:\windows\system32\drivers\ftser2k.sys
15:42:41.0751 5484  FTSER2K - ok
15:42:41.0751 5484  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
15:42:41.0767 5484  fvevol - ok
15:42:41.0767 5484  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
15:42:41.0783 5484  gagp30kx - ok
15:42:41.0798 5484  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
15:42:41.0845 5484  gpsvc - ok
15:42:41.0861 5484  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:42:41.0861 5484  gupdate - ok
15:42:41.0876 5484  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:42:41.0876 5484  gupdatem - ok
15:42:41.0892 5484  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:42:41.0892 5484  gusvc - ok
15:42:41.0907 5484  [ ADB4348DA1345877B04E22203AFC8993 ] hcmon           C:\windows\system32\drivers\hcmon.sys
15:42:41.0907 5484  hcmon - ok
15:42:41.0923 5484  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
15:42:41.0939 5484  hcw85cir - ok
15:42:41.0939 5484  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:42:41.0954 5484  HdAudAddService - ok
15:42:41.0970 5484  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
15:42:41.0985 5484  HDAudBus - ok
15:42:41.0985 5484  [ 3918D1E5A573E195572F841612000F38 ] hhdserhelp      C:\windows\system32\drivers\hhdserhelp.sys
15:42:42.0001 5484  hhdserhelp - ok
15:42:42.0017 5484  [ AE2F6E1E1D1EC992F93B43B1EF4D69E2 ] hhdserial64     C:\windows\system32\DRIVERS\hhdserial64.sys
15:42:42.0017 5484  hhdserial64 - ok
15:42:42.0032 5484  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
15:42:42.0048 5484  HidBatt - ok
15:42:42.0048 5484  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
15:42:42.0063 5484  HidBth - ok
15:42:42.0079 5484  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
15:42:42.0095 5484  HidIr - ok
15:42:42.0095 5484  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll
15:42:42.0126 5484  hidserv - ok
15:42:42.0141 5484  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
15:42:42.0157 5484  HidUsb - ok
15:42:42.0157 5484  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
15:42:42.0188 5484  hkmsvc - ok
15:42:42.0204 5484  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:42:42.0219 5484  HomeGroupListener - ok
15:42:42.0235 5484  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:42:42.0251 5484  HomeGroupProvider - ok
15:42:42.0251 5484  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
15:42:42.0266 5484  HpSAMD - ok
15:42:42.0282 5484  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
15:42:42.0329 5484  HTTP - ok
15:42:42.0329 5484  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
15:42:42.0344 5484  hwpolicy - ok
15:42:42.0344 5484  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
15:42:42.0360 5484  i8042prt - ok
15:42:42.0375 5484  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
15:42:42.0391 5484  iaStor - ok
15:42:42.0391 5484  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
15:42:42.0407 5484  iaStorV - ok
15:42:42.0422 5484  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:42:42.0453 5484  idsvc - ok
15:42:42.0609 5484  [ 0D1B8C64BDF0E5CDC523A1409FFB5EF0 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
15:42:42.0859 5484  igfx - ok
15:42:42.0859 5484  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
15:42:42.0875 5484  iirsp - ok
15:42:42.0890 5484  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
15:42:42.0937 5484  IKEEXT - ok
15:42:42.0953 5484  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
15:42:42.0968 5484  intaud_WaveExtensible - ok
15:42:42.0999 5484  [ 254FAAE42AFC641C0BE628DE123EA9DE ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:42:43.0077 5484  IntcAzAudAddService - ok
15:42:43.0093 5484  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
15:42:43.0109 5484  IntcDAud - ok
15:42:43.0109 5484  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
15:42:43.0124 5484  intelide - ok
15:42:43.0124 5484  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
15:42:43.0140 5484  intelppm - ok
15:42:43.0140 5484  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
15:42:43.0202 5484  IPBusEnum - ok
15:42:43.0218 5484  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
15:42:43.0249 5484  IpFilterDriver - ok
15:42:43.0265 5484  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
15:42:43.0280 5484  iphlpsvc - ok
15:42:43.0296 5484  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
15:42:43.0311 5484  IPMIDRV - ok
15:42:43.0311 5484  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
15:42:43.0358 5484  IPNAT - ok
15:42:43.0358 5484  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
15:42:43.0374 5484  IRENUM - ok
15:42:43.0374 5484  irstrtsv - ok
15:42:43.0389 5484  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
15:42:43.0389 5484  isapnp - ok
15:42:43.0405 5484  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
15:42:43.0421 5484  iScsiPrt - ok
15:42:43.0421 5484  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\windows\system32\DRIVERS\iwdbus.sys
15:42:43.0436 5484  iwdbus - ok
15:42:43.0436 5484  [ 8112496F91A80D9EEE8442D61CDF07D7 ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
15:42:43.0452 5484  jhi_service - ok
15:42:43.0452 5484  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
15:42:43.0467 5484  kbdclass - ok
15:42:43.0467 5484  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
15:42:43.0483 5484  kbdhid - ok
15:42:43.0483 5484  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
15:42:43.0499 5484  KeyIso - ok
15:42:43.0514 5484  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
15:42:43.0514 5484  KSecDD - ok
15:42:43.0530 5484  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
15:42:43.0545 5484  KSecPkg - ok
15:42:43.0545 5484  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
15:42:43.0577 5484  ksthunk - ok
15:42:43.0592 5484  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
15:42:43.0623 5484  KtmRm - ok
15:42:43.0639 5484  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
15:42:43.0670 5484  LanmanServer - ok
15:42:43.0686 5484  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:42:43.0717 5484  LanmanWorkstation - ok
15:42:43.0733 5484  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
15:42:43.0764 5484  lltdio - ok
15:42:43.0764 5484  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
15:42:43.0811 5484  lltdsvc - ok
15:42:43.0811 5484  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
15:42:43.0857 5484  lmhosts - ok
15:42:43.0857 5484  [ 5495EB40DF7061059C57F0DEFDBD72A1 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:42:43.0889 5484  LMS - ok
15:42:43.0889 5484  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
15:42:43.0904 5484  LSI_FC - ok
15:42:43.0904 5484  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
15:42:43.0920 5484  LSI_SAS - ok
15:42:43.0920 5484  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
15:42:43.0935 5484  LSI_SAS2 - ok
15:42:43.0935 5484  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
15:42:43.0951 5484  LSI_SCSI - ok
15:42:43.0951 5484  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
15:42:43.0998 5484  luafv - ok
15:42:43.0998 5484  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
15:42:44.0013 5484  MBAMProtector - ok
15:42:44.0029 5484  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:42:44.0045 5484  MBAMScheduler - ok
15:42:44.0060 5484  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:42:44.0076 5484  MBAMService - ok
15:42:44.0091 5484  mbamswissarmy - ok
15:42:44.0091 5484  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
15:42:44.0107 5484  megasas - ok
15:42:44.0107 5484  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
15:42:44.0138 5484  MegaSR - ok
15:42:44.0138 5484  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
15:42:44.0154 5484  MEIx64 - ok
15:42:44.0169 5484  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:42:44.0169 5484  Microsoft Office Groove Audit Service - ok
15:42:44.0185 5484  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
15:42:44.0232 5484  MMCSS - ok
15:42:44.0247 5484  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
15:42:44.0279 5484  Modem - ok
15:42:44.0279 5484  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
15:42:44.0294 5484  monitor - ok
15:42:44.0310 5484  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
15:42:44.0310 5484  mouclass - ok
15:42:44.0325 5484  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
15:42:44.0325 5484  mouhid - ok
15:42:44.0341 5484  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
15:42:44.0357 5484  mountmgr - ok
15:42:44.0357 5484  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:42:44.0372 5484  MozillaMaintenance - ok
15:42:44.0372 5484  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
15:42:44.0388 5484  mpio - ok
15:42:44.0388 5484  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
15:42:44.0435 5484  mpsdrv - ok
15:42:44.0435 5484  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
15:42:44.0497 5484  MpsSvc - ok
15:42:44.0497 5484  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
15:42:44.0513 5484  MRxDAV - ok
15:42:44.0528 5484  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:42:44.0544 5484  mrxsmb - ok
15:42:44.0544 5484  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
15:42:44.0559 5484  mrxsmb10 - ok
15:42:44.0559 5484  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
15:42:44.0575 5484  mrxsmb20 - ok
15:42:44.0591 5484  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
15:42:44.0591 5484  msahci - ok
15:42:44.0606 5484  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
15:42:44.0606 5484  msdsm - ok
15:42:44.0622 5484  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
15:42:44.0637 5484  MSDTC - ok
15:42:44.0637 5484  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:42:44.0684 5484  Msfs - ok
15:42:44.0684 5484  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
15:42:44.0715 5484  mshidkmdf - ok
15:42:44.0715 5484  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
15:42:44.0731 5484  msisadrv - ok
15:42:44.0731 5484  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
15:42:44.0778 5484  MSiSCSI - ok
15:42:44.0778 5484  msiserver - ok
15:42:44.0778 5484  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
15:42:44.0825 5484  MSKSSRV - ok
15:42:44.0825 5484  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:42:44.0856 5484  MSPCLOCK - ok
15:42:44.0856 5484  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
15:42:44.0903 5484  MSPQM - ok
15:42:44.0903 5484  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
15:42:44.0918 5484  MsRPC - ok
15:42:44.0918 5484  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
15:42:44.0934 5484  mssmbios - ok
15:42:44.0934 5484  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
15:42:44.0981 5484  MSTEE - ok
15:42:44.0981 5484  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
15:42:44.0996 5484  MTConfig - ok
15:42:44.0996 5484  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
15:42:45.0012 5484  Mup - ok
15:42:45.0012 5484  [ 50B99D53BC013458381C6476D790C9F3 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:42:45.0027 5484  MyWiFiDHCPDNS - ok
15:42:45.0043 5484  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
15:42:45.0090 5484  napagent - ok
15:42:45.0090 5484  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
15:42:45.0121 5484  NativeWifiP - ok
15:42:45.0121 5484  [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
15:42:45.0152 5484  NAUpdate - ok
15:42:45.0168 5484  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
15:42:45.0199 5484  NDIS - ok
15:42:45.0199 5484  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
15:42:45.0246 5484  NdisCap - ok
15:42:45.0246 5484  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
15:42:45.0277 5484  NdisTapi - ok
15:42:45.0293 5484  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
15:42:45.0324 5484  Ndisuio - ok
15:42:45.0324 5484  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
15:42:45.0371 5484  NdisWan - ok
15:42:45.0386 5484  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
15:42:45.0417 5484  NDProxy - ok
15:42:45.0417 5484  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
15:42:45.0464 5484  NetBIOS - ok
15:42:45.0480 5484  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
15:42:45.0511 5484  NetBT - ok
15:42:45.0511 5484  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
15:42:45.0527 5484  Netlogon - ok
15:42:45.0542 5484  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
15:42:45.0589 5484  Netman - ok
15:42:45.0589 5484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:45.0605 5484  NetMsmqActivator - ok
15:42:45.0605 5484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:45.0620 5484  NetPipeActivator - ok
15:42:45.0620 5484  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
15:42:45.0667 5484  netprofm - ok
15:42:45.0683 5484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:45.0683 5484  NetTcpActivator - ok
15:42:45.0698 5484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:45.0698 5484  NetTcpPortSharing - ok
15:42:45.0792 5484  [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
15:42:45.0932 5484  NETwNs64 - ok
15:42:45.0948 5484  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
15:42:45.0948 5484  nfrd960 - ok
15:42:45.0963 5484  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
15:42:45.0979 5484  NlaSvc - ok
15:42:45.0995 5484  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\windows\system32\drivers\npf.sys
15:42:45.0995 5484  NPF - ok
15:42:45.0995 5484  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
15:42:46.0041 5484  Npfs - ok
15:42:46.0041 5484  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
15:42:46.0073 5484  nsi - ok
15:42:46.0088 5484  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
15:42:46.0119 5484  nsiproxy - ok
15:42:46.0135 5484  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
15:42:46.0182 5484  Ntfs - ok
15:42:46.0197 5484  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
15:42:46.0229 5484  Null - ok
15:42:46.0229 5484  [ 550BE6C46110B74C1ED7B156598D67AF ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
15:42:46.0244 5484  nusb3hub - ok
15:42:46.0260 5484  [ 17401C97DCF93F121B89B554D733B836 ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
15:42:46.0260 5484  nusb3xhc - ok
15:42:46.0275 5484  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
15:42:46.0291 5484  nvraid - ok
15:42:46.0291 5484  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
15:42:46.0307 5484  nvstor - ok
15:42:46.0307 5484  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
15:42:46.0322 5484  nv_agp - ok
15:42:46.0338 5484  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:42:46.0353 5484  odserv - ok
15:42:46.0353 5484  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
15:42:46.0369 5484  ohci1394 - ok
15:42:46.0385 5484  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:42:46.0400 5484  ose - ok
15:42:46.0400 5484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
15:42:46.0431 5484  p2pimsvc - ok
15:42:46.0431 5484  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
15:42:46.0463 5484  p2psvc - ok
15:42:46.0463 5484  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
15:42:46.0494 5484  Parport - ok
15:42:46.0494 5484  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
15:42:46.0509 5484  partmgr - ok
15:42:46.0509 5484  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
15:42:46.0541 5484  PcaSvc - ok
15:42:46.0541 5484  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
15:42:46.0556 5484  pci - ok
15:42:46.0556 5484  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
15:42:46.0572 5484  pciide - ok
15:42:46.0572 5484  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
15:42:46.0587 5484  pcmcia - ok
15:42:46.0587 5484  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
15:42:46.0603 5484  pcw - ok
15:42:46.0619 5484  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
15:42:46.0665 5484  PEAUTH - ok
15:42:46.0697 5484  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
15:42:46.0712 5484  PerfHost - ok
15:42:46.0712 5484  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
15:42:46.0728 5484  PGEffect - ok
15:42:46.0743 5484  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
15:42:46.0806 5484  pla - ok
15:42:46.0821 5484  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
15:42:46.0837 5484  PlugPlay - ok
15:42:46.0837 5484  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
15:42:46.0853 5484  PNRPAutoReg - ok
15:42:46.0868 5484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
15:42:46.0884 5484  PNRPsvc - ok
15:42:46.0884 5484  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
15:42:46.0931 5484  PolicyAgent - ok
15:42:46.0946 5484  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
15:42:46.0977 5484  Power - ok
15:42:46.0993 5484  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:42:47.0024 5484  PptpMiniport - ok
15:42:47.0024 5484  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
15:42:47.0040 5484  Processor - ok
15:42:47.0040 5484  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
15:42:47.0071 5484  ProfSvc - ok
15:42:47.0071 5484  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:42:47.0087 5484  ProtectedStorage - ok
15:42:47.0087 5484  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
15:42:47.0118 5484  Psched - ok
15:42:47.0133 5484  [ 3DF18A193C758BE8E610B01331C237FB ] pwdrvio         C:\windows\system32\pwdrvio.sys
15:42:47.0149 5484  pwdrvio - ok
15:42:47.0149 5484  [ 1EBD98FB3B567C552C9C85AB73729AEC ] pwdspio         C:\windows\system32\pwdspio.sys
15:42:47.0165 5484  pwdspio - ok
15:42:47.0196 5484  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
15:42:47.0243 5484  ql2300 - ok
15:42:47.0243 5484  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
15:42:47.0258 5484  ql40xx - ok
15:42:47.0258 5484  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
15:42:47.0289 5484  QWAVE - ok
15:42:47.0289 5484  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
15:42:47.0305 5484  QWAVEdrv - ok
15:42:47.0305 5484  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:42:47.0367 5484  RasAcd - ok
15:42:47.0367 5484  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
15:42:47.0399 5484  RasAgileVpn - ok
15:42:47.0414 5484  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
15:42:47.0461 5484  RasAuto - ok
15:42:47.0461 5484  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
15:42:47.0508 5484  Rasl2tp - ok
15:42:47.0508 5484  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
15:42:47.0555 5484  RasMan - ok
15:42:47.0555 5484  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:42:47.0601 5484  RasPppoe - ok
15:42:47.0601 5484  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
15:42:47.0633 5484  RasSstp - ok
15:42:47.0648 5484  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
15:42:47.0679 5484  rdbss - ok
15:42:47.0695 5484  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
15:42:47.0711 5484  rdpbus - ok
15:42:47.0711 5484  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
15:42:47.0742 5484  RDPCDD - ok
15:42:47.0757 5484  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
15:42:47.0789 5484  RDPENCDD - ok
15:42:47.0789 5484  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
15:42:47.0820 5484  RDPREFMP - ok
15:42:47.0835 5484  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
15:42:47.0851 5484  RDPWD - ok
15:42:47.0851 5484  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
15:42:47.0867 5484  rdyboost - ok
15:42:47.0882 5484  [ 18505D90FEE940EE9EAE4C5B421F22B4 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:42:47.0913 5484  RegSrvc - ok
15:42:47.0913 5484  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
15:42:47.0960 5484  RemoteAccess - ok
15:42:47.0960 5484  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:42:48.0007 5484  RemoteRegistry - ok
15:42:48.0007 5484  [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc          C:\windows\system32\DRIVERS\risdxc64.sys
15:42:48.0023 5484  risdxc - ok
15:42:48.0038 5484  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
15:42:48.0038 5484  rpcapd - ok
15:42:48.0054 5484  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
15:42:48.0085 5484  RpcEptMapper - ok
15:42:48.0085 5484  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
15:42:48.0101 5484  RpcLocator - ok
15:42:48.0116 5484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
15:42:48.0163 5484  RpcSs - ok
15:42:48.0163 5484  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
15:42:48.0210 5484  rspndr - ok
15:42:48.0210 5484  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
15:42:48.0225 5484  SamSs - ok
15:42:48.0225 5484  [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\Sandra.sys
15:42:48.0241 5484  SANDRA - ok
15:42:48.0241 5484  [ 0A32BF2682118185AB678B107CF67566 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe
15:42:48.0257 5484  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
15:42:48.0257 5484  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
15:42:48.0257 5484  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
15:42:48.0272 5484  sbp2port - ok
15:42:48.0288 5484  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
15:42:48.0319 5484  SCardSvr - ok
15:42:48.0335 5484  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
15:42:48.0366 5484  scfilter - ok
15:42:48.0381 5484  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
15:42:48.0459 5484  Schedule - ok
15:42:48.0459 5484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
15:42:48.0506 5484  SCPolicySvc - ok
15:42:48.0506 5484  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
15:42:48.0522 5484  SDRSVC - ok
15:42:48.0537 5484  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
15:42:48.0569 5484  secdrv - ok
15:42:48.0569 5484  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
15:42:48.0600 5484  seclogon - ok
15:42:48.0615 5484  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
15:42:48.0647 5484  SENS - ok
15:42:48.0647 5484  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
15:42:48.0678 5484  SensrSvc - ok
15:42:48.0678 5484  [ 93E726A945F567CE2E191D10295C921D ] Ser2pl          C:\windows\system32\DRIVERS\ser2pl64.sys
15:42:48.0693 5484  Ser2pl - ok
15:42:48.0693 5484  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
15:42:48.0709 5484  Serenum - ok
15:42:48.0709 5484  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
15:42:48.0725 5484  Serial - ok
15:42:48.0725 5484  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
15:42:48.0740 5484  sermouse - ok
15:42:48.0756 5484  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
15:42:48.0787 5484  SessionEnv - ok
15:42:48.0803 5484  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
15:42:48.0818 5484  sffdisk - ok
15:42:48.0818 5484  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
15:42:48.0834 5484  sffp_mmc - ok
15:42:48.0834 5484  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
15:42:48.0849 5484  sffp_sd - ok
15:42:48.0849 5484  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
15:42:48.0865 5484  sfloppy - ok
15:42:48.0881 5484  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:42:48.0912 5484  SharedAccess - ok
15:42:48.0927 5484  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:42:48.0974 5484  ShellHWDetection - ok
15:42:48.0974 5484  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
15:42:48.0990 5484  SiSRaid2 - ok
15:42:48.0990 5484  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
15:42:49.0005 5484  SiSRaid4 - ok
15:42:49.0005 5484  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:42:49.0021 5484  SkypeUpdate - ok
15:42:49.0021 5484  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
15:42:49.0068 5484  Smb - ok
15:42:49.0068 5484  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
15:42:49.0083 5484  SNMPTRAP - ok
15:42:49.0083 5484  [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
15:42:49.0099 5484  Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
15:42:49.0099 5484  Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
15:42:49.0099 5484  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
15:42:49.0115 5484  spldr - ok
15:42:49.0115 5484  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
15:42:49.0146 5484  Spooler - ok
15:42:49.0193 5484  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
15:42:49.0286 5484  sppsvc - ok
15:42:49.0286 5484  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
15:42:49.0333 5484  sppuinotify - ok
15:42:49.0349 5484  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
15:42:49.0364 5484  srv - ok
15:42:49.0364 5484  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
15:42:49.0395 5484  srv2 - ok
15:42:49.0395 5484  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
15:42:49.0411 5484  srvnet - ok
15:42:49.0427 5484  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:42:49.0458 5484  SSDPSRV - ok
15:42:49.0473 5484  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
15:42:49.0505 5484  SstpSvc - ok
15:42:49.0520 5484  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
15:42:49.0536 5484  stexstor - ok
15:42:49.0536 5484  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
15:42:49.0583 5484  stisvc - ok
15:42:49.0583 5484  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
15:42:49.0598 5484  swenum - ok
15:42:49.0598 5484  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
15:42:49.0645 5484  swprv - ok
15:42:49.0676 5484  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
15:42:49.0707 5484  SynTP - ok
15:42:49.0739 5484  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
15:42:49.0785 5484  SysMain - ok
15:42:49.0785 5484  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:42:49.0801 5484  TabletInputService - ok
15:42:49.0817 5484  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
15:42:49.0848 5484  TapiSrv - ok
15:42:49.0863 5484  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
15:42:49.0895 5484  TBS - ok
15:42:49.0926 5484  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
15:42:49.0973 5484  Tcpip - ok
15:42:49.0988 5484  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:42:50.0035 5484  TCPIP6 - ok
15:42:50.0035 5484  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:42:50.0051 5484  tcpipreg - ok
15:42:50.0066 5484  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
15:42:50.0066 5484  tdcmdpst - ok
15:42:50.0082 5484  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
15:42:50.0082 5484  TDPIPE - ok
15:42:50.0097 5484  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
15:42:50.0113 5484  TDTCP - ok
15:42:50.0113 5484  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
15:42:50.0144 5484  tdx - ok
15:42:50.0191 5484  [ 7C8DD5576695B3362202EF09B20C425E ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
15:42:50.0285 5484  TeamViewer8 - ok
15:42:50.0285 5484  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
15:42:50.0300 5484  TemproMonitoringService - ok
15:42:50.0300 5484  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
15:42:50.0316 5484  TermDD - ok
15:42:50.0331 5484  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
15:42:50.0394 5484  TermService - ok
15:42:50.0409 5484  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
15:42:50.0425 5484  Themes - ok
15:42:50.0425 5484  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
15:42:50.0472 5484  THREADORDER - ok
15:42:50.0472 5484  [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:42:50.0487 5484  TMachInfo - ok
15:42:50.0487 5484  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\windows\system32\TODDSrv.exe
15:42:50.0503 5484  TODDSrv - ok
15:42:50.0519 5484  [ 6CDFED6845A29111E8AE1806196CDA2A ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:42:50.0550 5484  TosCoSrv - ok
15:42:50.0550 5484  [ A22DEB5EC05FEBFDCA1D3FF70FA1FF46 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
15:42:50.0565 5484  TOSHIBA Bluetooth Service - ok
15:42:50.0565 5484  [ 641387237B7AB2027E8FD810B8A63282 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
15:42:50.0581 5484  TOSHIBA eco Utility Service - ok
15:42:50.0597 5484  [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
15:42:50.0597 5484  TOSHIBA HDD SSD Alert Service - ok
15:42:50.0612 5484  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\windows\system32\DRIVERS\tosporte.sys
15:42:50.0612 5484  tosporte - ok
15:42:50.0628 5484  [ C42E95FCFEE5F7BA381BFE54DA8EEB3D ] tosrfbd         C:\windows\system32\DRIVERS\tosrfbd.sys
15:42:50.0643 5484  tosrfbd - ok
15:42:50.0643 5484  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\windows\system32\Drivers\tosrfcom.sys
15:42:50.0659 5484  Tosrfcom - ok
15:42:50.0659 5484  [ A4DDAD3BF13F370EC392BE243E334EBA ] tosrfec         C:\windows\system32\DRIVERS\tosrfec.sys
15:42:50.0675 5484  tosrfec - ok
15:42:50.0675 5484  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\windows\system32\DRIVERS\Tosrfhid.sys
15:42:50.0675 5484  Tosrfhid - ok
15:42:50.0690 5484  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\windows\system32\DRIVERS\tosrfusb.sys
15:42:50.0690 5484  Tosrfusb - ok
15:42:50.0706 5484  [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64       C:\windows\system32\DRIVERS\tos_sps64.sys
15:42:50.0721 5484  tos_sps64 - ok
15:42:50.0737 5484  [ 37521A8DF30A306CFC16326120ED09FB ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
15:42:50.0768 5484  TPCHSrv - ok
15:42:50.0784 5484  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
15:42:50.0815 5484  TrkWks - ok
15:42:50.0831 5484  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\windows\system32\drivers\truecrypt.sys
15:42:50.0846 5484  truecrypt - ok
15:42:50.0846 5484  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:42:50.0877 5484  TrustedInstaller - ok
15:42:50.0893 5484  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
15:42:50.0924 5484  tssecsrv - ok
15:42:50.0924 5484  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
15:42:50.0940 5484  TsUsbFlt - ok
15:42:50.0940 5484  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
15:42:50.0955 5484  TsUsbGD - ok
15:42:50.0971 5484  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:42:51.0002 5484  tunnel - ok
15:42:51.0002 5484  [ EFFCE6E033EBDD0F3C0F14A413558F65 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ.SYS
15:42:51.0018 5484  TVALZ - ok
15:42:51.0018 5484  [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
15:42:51.0033 5484  TVALZFL - ok
15:42:51.0033 5484  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
15:42:51.0049 5484  uagp35 - ok
15:42:51.0049 5484  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
15:42:51.0096 5484  udfs - ok
15:42:51.0096 5484  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
15:42:51.0111 5484  UI0Detect - ok
15:42:51.0127 5484  [ 34859D3801F4BD3DACFA131DD928455A ] UimBus          C:\windows\system32\DRIVERS\uimx64.sys
15:42:51.0143 5484  UimBus - ok
15:42:51.0143 5484  [ D3CE4776E7FFB25E6935B1C797F4650C ] Uim_IM          C:\windows\system32\Drivers\Uim_IMx64.sys
15:42:51.0174 5484  Uim_IM - ok
15:42:51.0174 5484  [ 532E4BED5C7803B2EE5681818B2528B7 ] Uim_VIM         C:\windows\system32\Drivers\uim_vimx64.sys
15:42:51.0189 5484  Uim_VIM - ok
15:42:51.0205 5484  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
15:42:51.0221 5484  uliagpkx - ok
15:42:51.0221 5484  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
15:42:51.0236 5484  umbus - ok
15:42:51.0236 5484  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
15:42:51.0252 5484  UmPass - ok
15:42:51.0299 5484  [ D329A1589257FB671338E8CDBC6CB6DB ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:42:51.0361 5484  UNS - ok
15:42:51.0377 5484  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
15:42:51.0408 5484  upnphost - ok
15:42:51.0423 5484  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
15:42:51.0439 5484  usbaudio - ok
15:42:51.0455 5484  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
15:42:51.0470 5484  usbccgp - ok
15:42:51.0470 5484  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
15:42:51.0486 5484  usbcir - ok
15:42:51.0501 5484  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
15:42:51.0517 5484  usbehci - ok
15:42:51.0517 5484  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
15:42:51.0548 5484  usbhub - ok
15:42:51.0548 5484  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
15:42:51.0564 5484  usbohci - ok
15:42:51.0564 5484  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:42:51.0579 5484  usbprint - ok
15:42:51.0579 5484  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
15:42:51.0595 5484  USBSTOR - ok
15:42:51.0595 5484  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
15:42:51.0611 5484  usbuhci - ok
15:42:51.0626 5484  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
15:42:51.0642 5484  usbvideo - ok
15:42:51.0642 5484  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
15:42:51.0689 5484  UxSms - ok
15:42:51.0689 5484  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
15:42:51.0704 5484  VaultSvc - ok
15:42:51.0720 5484  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
15:42:51.0720 5484  vdrvroot - ok
15:42:51.0735 5484  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
15:42:51.0782 5484  vds - ok
15:42:51.0782 5484  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
15:42:51.0798 5484  vga - ok
15:42:51.0798 5484  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
15:42:51.0845 5484  VgaSave - ok
15:42:51.0845 5484  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
15:42:51.0860 5484  vhdmp - ok
15:42:51.0860 5484  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
15:42:51.0876 5484  viaide - ok
15:42:51.0876 5484  [ 94CF2D157C8FD9089AFA5DA78AA64C65 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
15:42:51.0891 5484  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
15:42:51.0891 5484  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
15:42:51.0891 5484  [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci            C:\windows\system32\DRIVERS\vmci.sys
15:42:51.0907 5484  vmci - ok
15:42:51.0907 5484  [ 0B13268268B3D2C99BA5021593D0F767 ] vmkbd           C:\windows\system32\drivers\VMkbd.sys
15:42:51.0923 5484  vmkbd - ok
15:42:51.0923 5484  [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter    C:\windows\system32\DRIVERS\vmnetadapter.sys
15:42:51.0938 5484  VMnetAdapter - ok
15:42:51.0938 5484  [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge     C:\windows\system32\DRIVERS\vmnetbridge.sys
15:42:51.0954 5484  VMnetBridge - ok
15:42:51.0954 5484  VMnetDHCP - ok
15:42:51.0969 5484  [ 518D188F04BC4C6BA0581775B9A5EA90 ] VMnetuserif     C:\windows\system32\drivers\vmnetuserif.sys
15:42:51.0969 5484  VMnetuserif - ok
15:42:51.0985 5484  [ 415B167695C4B5960A13098622EF3D80 ] vmusb           C:\windows\system32\Drivers\vmusb.sys
15:42:51.0985 5484  vmusb - ok
15:42:52.0001 5484  [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
15:42:52.0032 5484  VMUSBArbService - ok
15:42:52.0032 5484  VMware NAT Service - ok
15:42:52.0047 5484  [ 75BC28F58C95B90DFFA5367310BC82EB ] vmware-converter-agent C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
15:42:52.0063 5484  vmware-converter-agent - ok
15:42:52.0079 5484  [ 3B7FF15F4F50D3AA3983A3D41FBE2835 ] vmware-converter-server C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
15:42:52.0094 5484  vmware-converter-server - ok
15:42:52.0110 5484  [ 3B7FF15F4F50D3AA3983A3D41FBE2835 ] vmware-converter-worker C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
15:42:52.0125 5484  vmware-converter-worker - ok
15:42:52.0125 5484  [ BAF28A75B00B79DC92702AF7ACFFD3E5 ] vmx86           C:\windows\system32\drivers\vmx86.sys
15:42:52.0141 5484  vmx86 - ok
15:42:52.0141 5484  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
15:42:52.0157 5484  volmgr - ok
15:42:52.0157 5484  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
15:42:52.0188 5484  volmgrx - ok
15:42:52.0188 5484  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
15:42:52.0203 5484  volsnap - ok
15:42:52.0219 5484  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
15:42:52.0219 5484  vsmraid - ok
15:42:52.0250 5484  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
15:42:52.0313 5484  VSS - ok
15:42:52.0344 5484  [ 65EFAEC68FA234F36880533A79D7B1C1 ] vstor2-mntapi10-shared C:\windows\syswow64\drivers\vstor2-mntapi10-shared.sys
15:42:52.0359 5484  vstor2-mntapi10-shared - ok
15:42:52.0359 5484  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
15:42:52.0375 5484  vwifibus - ok
15:42:52.0375 5484  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
15:42:52.0406 5484  vwififlt - ok
15:42:52.0406 5484  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
15:42:52.0422 5484  vwifimp - ok
15:42:52.0437 5484  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
15:42:52.0484 5484  W32Time - ok
15:42:52.0484 5484  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
15:42:52.0500 5484  WacomPen - ok
15:42:52.0515 5484  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:42:52.0547 5484  WANARP - ok
15:42:52.0547 5484  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:42:52.0593 5484  Wanarpv6 - ok
15:42:52.0609 5484  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
15:42:52.0656 5484  WatAdminSvc - ok
15:42:52.0671 5484  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
15:42:52.0718 5484  wbengine - ok
15:42:52.0718 5484  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:42:52.0749 5484  WbioSrvc - ok
15:42:52.0749 5484  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
15:42:52.0781 5484  wcncsvc - ok
15:42:52.0781 5484  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:42:52.0796 5484  WcsPlugInService - ok
15:42:52.0796 5484  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
15:42:52.0812 5484  Wd - ok
15:42:52.0827 5484  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:42:52.0859 5484  Wdf01000 - ok
15:42:52.0859 5484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:42:52.0890 5484  WdiServiceHost - ok
15:42:52.0905 5484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
15:42:52.0921 5484  WdiSystemHost - ok
15:42:52.0921 5484  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
15:42:52.0952 5484  WebClient - ok
15:42:52.0952 5484  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:42:52.0999 5484  Wecsvc - ok
15:42:52.0999 5484  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
15:42:53.0046 5484  wercplsupport - ok
15:42:53.0046 5484  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
15:42:53.0093 5484  WerSvc - ok
15:42:53.0093 5484  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
15:42:53.0124 5484  WfpLwf - ok
15:42:53.0139 5484  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
15:42:53.0139 5484  WIMMount - ok
15:42:53.0155 5484  WinDefend - ok
15:42:53.0171 5484  [ 7922583C802203A54CDD47D9ECF028F2 ] WinDriver6      C:\windows\system32\drivers\windrvr6.sys
15:42:53.0186 5484  WinDriver6 - ok
15:42:53.0186 5484  WinHttpAutoProxySvc - ok
15:42:53.0186 5484  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
15:42:53.0233 5484  Winmgmt - ok
15:42:53.0264 5484  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
15:42:53.0327 5484  WinRM - ok
15:42:53.0342 5484  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
15:42:53.0358 5484  WinUSB - ok
15:42:53.0373 5484  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
15:42:53.0405 5484  Wlansvc - ok
15:42:53.0405 5484  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
15:42:53.0420 5484  WmiAcpi - ok
15:42:53.0436 5484  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
15:42:53.0451 5484  wmiApSrv - ok
15:42:53.0451 5484  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
15:42:53.0467 5484  WPCSvc - ok
15:42:53.0483 5484  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
15:42:53.0498 5484  WPDBusEnum - ok
15:42:53.0498 5484  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
15:42:53.0545 5484  ws2ifsl - ok
15:42:53.0561 5484  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
15:42:53.0576 5484  wscsvc - ok
15:42:53.0576 5484  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
15:42:53.0592 5484  WSDPrintDevice - ok
15:42:53.0607 5484  WSearch - ok
15:42:53.0639 5484  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
15:42:53.0717 5484  wuauserv - ok
15:42:53.0717 5484  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
15:42:53.0732 5484  WudfPf - ok
15:42:53.0732 5484  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
15:42:53.0748 5484  WUDFRd - ok
15:42:53.0763 5484  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
15:42:53.0779 5484  wudfsvc - ok
15:42:53.0779 5484  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
15:42:53.0795 5484  WwanSvc - ok
15:42:53.0810 5484  ================ Scan global ===============================
15:42:53.0826 5484  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:42:53.0826 5484  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
15:42:53.0841 5484  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
15:42:53.0841 5484  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:42:53.0857 5484  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:42:53.0857 5484  [Global] - ok
15:42:53.0857 5484  ================ Scan MBR ==================================
15:42:53.0857 5484  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
15:42:53.0982 5484  \Device\Harddisk0\DR0 - ok
15:42:53.0982 5484  ================ Scan VBR ==================================
15:42:53.0982 5484  [ F1A6A3463B12FFBA4D5A462595F52861 ] \Device\Harddisk0\DR0\Partition1
15:42:53.0982 5484  \Device\Harddisk0\DR0\Partition1 - ok
15:42:53.0982 5484  [ 5FDC64D28206407FAF6255E892DA9709 ] \Device\Harddisk0\DR0\Partition2
15:42:53.0982 5484  \Device\Harddisk0\DR0\Partition2 - ok
15:42:53.0982 5484  ============================================================
15:42:53.0982 5484  Scan finished
15:42:53.0982 5484  ============================================================
15:42:53.0997 6880  Detected object count: 3
15:42:53.0997 6880  Actual detected object count: 3
15:44:56.0357 6880  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:56.0357 6880  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:44:56.0357 6880  Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:56.0357 6880  Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:44:56.0373 6880  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:56.0373 6880  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

28.05.2013, 15:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has completed.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

29.05.2013, 10:23   #15
klausc127
 

Hello Cosinus,
I ran the 3 programs.
The JRT log was displayed, but unfortunately it was not saved as JRT.txt. It is gone.
The other logs:
AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v2.301 - Datei am 29/05/2013 um 10:35:15 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : user - USER-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Klaus\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5c0dbd0e63ee844
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

-\\ Google Chrome v27.0.1453.94

*************************

AdwCleaner[S1].txt - [1788 octets] - [29/05/2013 10:35:15]

########## EOF - \AdwCleaner[S1].txt - [1848 octets] ##########
         
--- --- ---

OTL:
OTL Logfile:
Code:
OTL logfile created on: 29.05.2013 10:51:02 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Klaus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 51,97% Memory free
7,80 Gb Paging File | 5,62 Gb Available in Paging File | 72,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,94 Gb Total Space | 23,31 Gb Free Space | 24,04% Space Free | Partition Type: NTFS
Drive F: | 12,83 Gb Total Space | 0,60 Gb Free Space | 4,70% Space Free | Partition Type: NTFS
Drive L: | 1,46 Gb Total Space | 1,22 Gb Free Space | 83,53% Space Free | Partition Type: NTFS
 
Computer Name: USER-TOSH | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Klaus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Klaus\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Bazaar\tbzrcache.exe ()
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Users\Klaus\AppData\Local\Apps\Evernote\Evernote\libxml2.dll ()
MOD - C:\Users\Klaus\AppData\Local\Apps\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Bazaar\tbzrcache.exe ()
MOD - C:\Program Files (x86)\Bazaar\lib\bzrlib._walkdirs_win32.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\bzrlib._chunks_to_lines_pyx.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\_ssl.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\_socket.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32file.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32com.shell.shell.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\pythoncom26.dll ()
MOD - C:\Program Files (x86)\Bazaar\lib\winxpgui.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32gui.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32api.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32security.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32process.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32pipe.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\win32event.pyd ()
MOD - C:\Program Files (x86)\Bazaar\lib\pywintypes26.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe (SiSoftware)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (vmware-converter-worker) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-server) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-agent) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dfu) -- C:\Windows\SysNative\drivers\MassDfu64.sys (Philips PTCL)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (hhdserhelp) -- C:\Windows\SysNative\drivers\hhdserhelp.sys (HHD Software Ltd.)
DRV:64bit: - (hhdserial64) -- C:\Windows\SysNative\drivers\hhdserial64.sys (HHD Software Ltd.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x64\Sandra.sys (SiSoftware)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (cpuz135) -- C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys (CPUID)
DRV - (BioNTDrv) -- C:\Program Files (x86)\Paragon Software\Backup and Recovery 2012 Free\program\biontdrv.sys (Paragon Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{1A4B5EEF-3962-42D1-8CA8-4A6AF1796564}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{1A4B5EEF-3962-42D1-8CA8-4A6AF1796564}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1000\..\SearchScopes\{9CE63A3E-469F-4B15-83CC-87D34782A8A1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2992699830-2983422617-984916726-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..extensions.enabledAddons: speedanalysis02%40SpeedAnalysis.com:1.0.0.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.7.20130322105505
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.21 17:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.02 12:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.25 11:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\f80273e8.default\extensions
[2013.03.25 19:04:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\f80273e8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.24 20:38:06 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\f80273e8.default\extensions\speedanalysis02@SpeedAnalysis.com
[2013.05.25 12:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.25 12:02:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www2.delta-search.com/?affID=119677&babsrc=HP_ss&mntrId=765988532E772D39
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.28 08:18:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2992699830-2983422617-984916726-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2992699830-2983422617-984916726-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2992699830-2983422617-984916726-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk =  File not found
O4 - Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2992699830-2983422617-984916726-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2992699830-2983422617-984916726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2992699830-2983422617-984916726-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33822A57-F00C-4F8D-BC78-8B65AE4DDCDC}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A4671C8-E7C6-4F4F-BD53-E5611E48965C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.29 10:17:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.29 10:14:08 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.05.29 10:13:51 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.28 13:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.28 08:42:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2013.05.28 08:03:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.28 08:03:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.28 08:03:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.28 08:03:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.28 08:03:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.28 08:03:12 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.25 09:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.22 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013.05.22 15:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.22 15:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 15:41:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.05.22 15:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.18 22:54:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.05.18 22:54:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.05.18 22:54:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.05.18 22:54:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.05.18 22:54:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.05.18 22:54:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.05.18 22:54:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.05.18 22:54:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.05.18 22:54:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.05.18 22:54:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.05.18 22:54:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.05.18 22:54:30 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.05.18 22:54:30 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.05.16 08:42:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 08:42:37 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.05.16 08:42:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013.05.16 08:42:35 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.05.16 08:42:35 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013.05.16 08:42:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013.05.13 16:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\scripts
[2013.05.03 16:04:04 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013.05.03 16:04:04 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013.05.03 16:04:04 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013.05.03 16:03:59 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013.05.03 16:03:59 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013.05.03 16:03:59 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013.05.03 16:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.29 10:44:33 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 10:44:33 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 10:41:48 | 001,629,586 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.29 10:41:48 | 000,703,140 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.29 10:41:48 | 000,657,812 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.29 10:41:48 | 000,150,430 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.29 10:41:48 | 000,123,210 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.29 10:41:26 | 000,000,402 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013.05.29 10:38:11 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.29 10:37:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.29 10:03:45 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.28 08:18:26 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.05.27 16:01:00 | 000,000,978 | ---- | M] () -- C:\windows\tasks\Paragon Archive name arc_260313104821816.job
[2013.05.26 15:39:49 | 000,002,058 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2013.05.25 15:10:09 | 000,000,000 | ---- | M] () -- C:\Users\user\defogger_reenable
[2013.05.25 14:58:14 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.25 12:02:05 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.25 09:51:21 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.22 15:41:12 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.19 09:01:51 | 000,414,376 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.05 09:55:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.05.03 16:03:56 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013.05.03 16:03:55 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013.05.03 16:03:55 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013.05.03 16:03:55 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013.05.03 16:03:55 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013.05.03 16:03:55 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.28 08:03:39 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.28 08:03:39 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.28 08:03:39 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.28 08:03:39 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.28 08:03:39 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.25 15:10:09 | 000,000,000 | ---- | C] () -- C:\Users\user\defogger_reenable
[2013.05.25 09:51:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.25 09:51:21 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.22 15:41:12 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 04:00:01 | 000,000,855 | ---- | C] () -- C:\windows\xxclone.ini
[2012.11.19 14:35:56 | 012,845,056 | ---- | C] () -- C:\Users\user\AppData\Roaming\Sandra.mdb
[2012.08.29 13:44:05 | 000,000,722 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012.02.09 16:13:34 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
[2012.01.09 16:25:05 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd9.dll
[2012.01.09 16:25:05 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd11.dll
[2012.01.09 16:25:05 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dlumd10.dll
[2012.01.07 14:31:42 | 000,007,596 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2012.01.03 16:54:38 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI
[2012.01.02 13:40:39 | 001,607,480 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.10.16 22:30:31 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011.08.31 22:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.08.31 22:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.08.31 22:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.08.31 22:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.08.31 22:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 29.05.2013 10:51:02 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Klaus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 51,97% Memory free
7,80 Gb Paging File | 5,62 Gb Available in Paging File | 72,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,94 Gb Total Space | 23,31 Gb Free Space | 24,04% Space Free | Partition Type: NTFS
Drive F: | 12,83 Gb Total Space | 0,60 Gb Free Space | 4,70% Space Free | Partition Type: NTFS
Drive L: | 1,46 Gb Total Space | 1,22 Gb Free Space | 83,53% Space Free | Partition Type: NTFS
 
Computer Name: USER-TOSH | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2992699830-2983422617-984916726-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2992699830-2983422617-984916726-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C8EADC-3FCE-4475-BDC8-C9C65A3A87F5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0B58A2B6-9DEF-4D36-A3B2-5CD56D5B2A20}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0C7D3E5E-4DA9-467E-9F8E-A4079DEFCAD0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1222F5C9-F99C-4356-8761-D89C0A9B9666}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\rpcagentsrv.exe | 
"{1AD1A281-2AF7-4697-AA1C-2B6960788A2C}" = lport=9089 | protocol=6 | dir=in | name=vmware vcenter converter standalone - agent | 
"{53A9227D-7CA1-4B31-848F-D394ECBA11E7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6EECD4F0-6DE6-440D-8D48-F5289B020E28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{751F1F80-126A-4212-85C1-33516F402EAF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{779DC14C-8281-48E8-82AE-4B8F96145869}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7FE03625-8331-4A6D-9607-A0A1FD893C39}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9FCD6845-7C65-4B26-95C9-88DDF7FBED93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AAA622C6-6A1C-4D49-B877-B6CB53CF7A68}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ABA87948-7D7E-45B7-893B-0B214B6F385D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BD2F94BD-9117-44E1-B9E7-F412624C2419}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013\wnt500x64\rpcsandrasrv.exe | 
"{C329BEB7-158B-46FA-8957-D0C99530EBE4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{DB4E69EA-1AB8-46C4-85DB-7604DDE3986E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3DB9F1F-7463-49B1-AC7B-32FF06AA798C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F62C3B41-3703-4354-889F-31C7D6C09A66}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F99B85BE-4F1A-4EB5-ABD7-711F44FB97E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F8A27D-C9ED-47B3-9F0C-282E8AB58AF2}" = protocol=6 | dir=in | app=c:\daten\pro2012\ralph-10-12-11\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"{074DC7A5-506C-486C-A024-7626D1ED6697}" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 
"{09C25EDB-67BE-4FB8-BAEA-1B0B329A716C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{0C7DA133-C305-4EFD-AFE1-2F891D0D7C8A}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_877bf3834fd404e2\movtec-server.exe | 
"{10D22585-1977-44F8-AE62-9D6AB1FF89C2}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6f97bac510463cc6\movtec-server.exe | 
"{1A71CCD8-412A-4E08-A0ED-7C79B941BC98}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{1CA44A09-1CD0-4D94-BD03-588E923ACCC6}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1D418851-6ECF-4FFE-9C13-00226B65DA65}" = protocol=6 | dir=in | app=d:\ralph-7-12-12\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"{1DD4914B-5295-4A7E-8D59-2ED535A140CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{1EF4183D-7369-4CFF-B0D5-A117CFEBA2A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{23D2A50D-E433-4120-BC5F-0E8BFF549A16}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8ee8dd808e9bb0b2\movtec-server.exe | 
"{26B248D0-D64F-41EF-8108-E8C1FB0C9413}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{28C285F4-6175-4918-8F83-086D46B8E76D}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_7924680228b34506\movtec-server.exe | 
"{2B796459-FADE-4E29-A5D0-E4721FD88F9D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{35C0F5CF-A795-46C3-AA56-60D9BC0FF223}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{384FF2C7-1865-4A36-BDB8-7E841F38A1BF}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_0b01210fd8f086a8\movtec-server.exe | 
"{3A125E5D-B620-4EA0-9667-8E038511A7DB}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_12c3fa953f596ea8\movtec-server.exe | 
"{3E7FE6F4-E2F9-46D3-BB61-EC0B4AF813A7}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8fe6fcf78a2422f2\movtec-server.exe | 
"{4B4D33F7-C2FB-45B0-8590-F28F1CC7FD9D}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | 
"{50D38C61-FD2D-4711-A496-A49AEBB9BACE}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{54869EF8-0707-4074-888B-DD71463B59CD}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{5B6CEAE9-FE9F-495F-BE2F-4013F06A7407}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_867dd40c544b92a2\movtec-server.exe | 
"{5C7BCFFC-D5AA-468D-AD5A-0FBEE09CA743}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_867dd40c544b92a2\movtec-server.exe | 
"{5DAE02F1-E5CA-473F-932E-65A363473703}" = protocol=17 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
"{6032A03A-A398-4FC1-A9C2-8B2A281E8CF1}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6f97bac510463cc6\movtec-server.exe | 
"{61CE52F2-4ED5-4E36-B3C3-49601ACFD75B}" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 
"{655C4D9A-F206-455B-B989-094FEBB38699}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{6743B385-9E09-4BBB-9850-239DC78B21D9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{67715F19-339D-473D-A8CF-897072A5E992}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6B75E0DC-FF6D-45DB-A0F6-C1E660CA756F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6BAA149D-1F07-4E81-B50F-CAF2E805472F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6FB47CF7-67AD-4056-A0C2-55BDF375F870}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{71B1D0F8-EEB1-4715-8D6F-E5F5680D79A6}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{863D053C-33B6-486C-98F1-0C0BD191D82E}" = protocol=6 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
"{8810F969-2D93-49DB-9339-E8197BD3D87B}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_12c3fa953f596ea8\movtec-server.exe | 
"{88963C7A-CAB9-445B-8D95-D6BF250BAB56}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_857fb49558c32062\movtec-server.exe | 
"{89C540BC-C5E3-4DA7-8FF0-3D2FD4EB6701}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8A17542D-4106-4769-B7DB-BD3EF6BBD2C2}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{90A1EE21-41F4-4C7F-B654-040141BABB03}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_857fb49558c32062\movtec-server.exe | 
"{93A7876F-2ED1-4415-8889-67FAE4084A17}" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe | 
"{944EC326-951F-49A9-9717-6A0E213D4FFC}" = protocol=17 | dir=in | app=d:\ralph-7-12-12\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"{97161D18-28D9-4362-87F3-4E6A25DA1C45}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{9A45BADC-7AE3-4088-A6F6-4C194DB7F82D}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6d9b7bd719355846\movtec-server.exe | 
"{9B208EDC-058A-43C0-8A09-32C1ACC70214}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{9CD88B41-AD5B-4FC7-9309-292D5B38E2B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A666B898-4A3F-4A1E-B5ED-FCB0CD743EB4}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_877bf3834fd404e2\movtec-server.exe | 
"{A7F81B74-5E0B-4283-ACE4-8241AAA9DA0D}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_0b01210fd8f086a8\movtec-server.exe | 
"{ABE0F45C-7A27-423E-A1EB-119930DBFCDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BB9B1AE0-E4DE-46EF-9762-0130531C13F3}" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe | 
"{C011D14B-E8EA-412C-B06C-EF6689437503}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{C20A73A3-8526-496F-A055-02A61E303D3B}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8ee8dd808e9bb0b2\movtec-server.exe | 
"{C50B345D-D8FC-4777-BE4F-EC25F5BEB4DA}" = protocol=17 | dir=in | app=c:\daten\pro2012\ralph-10-12-11\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"{D619AE61-3DB0-4157-8D3D-D017FC623164}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{D7253297-7750-4997-ABAF-E4E6DBF31047}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{D86F48D2-E2B9-4647-9104-263B2BDD746E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{DDAC3A31-AAE7-4FE0-ADDF-A664CA9BD4F9}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6d9b7bd719355846\movtec-server.exe | 
"{E177FDDE-BDAF-4DEB-B557-A335591E4AA0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{E8C3CF4C-6DFD-47FE-AFB4-48E301EC1C05}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8fe6fcf78a2422f2\movtec-server.exe | 
"{EA1D9B30-677C-421B-852D-1A2DE31DA85C}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_7924680228b34506\movtec-server.exe | 
"{EC1993A8-4A91-40C3-AC83-310C24A9356E}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{003603A7-46A3-4941-BDCA-ABD4C7C539B1}C:\program files (x86)\tftpd32\tftpd32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tftpd32\tftpd32.exe | 
"TCP Query User{0BF358CB-93D1-4D57-839C-F07B553A6BEC}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe" = protocol=6 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe | 
"TCP Query User{0E71F5F1-720D-4B6C-8F98-EDB6397C396A}C:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe | 
"TCP Query User{1A1E7A89-4DDD-40D0-ADB9-E25511835220}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6f97bac510463cc6\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6f97bac510463cc6\movtec-server.exe | 
"TCP Query User{26B0359E-F589-4680-90D8-45BDD7317180}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_71618e78c04e1e06\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_71618e78c04e1e06\movtec-server.exe | 
"TCP Query User{3894334A-BE7F-46ED-B287-4C0353057A33}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_79d31a1c787d7d78\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_79d31a1c787d7d78\movtec-server.exe | 
"TCP Query User{3A98BECC-78D6-4613-8C52-13646EFB919F}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe" = protocol=6 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe | 
"TCP Query User{4E490359-44DD-4627-94CA-BF4D4899E3D5}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8fe6fcf78a2422f2\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8fe6fcf78a2422f2\movtec-server.exe | 
"TCP Query User{5228CCCA-0B96-466E-B5C1-761AE32C67B3}C:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe" = protocol=6 | dir=in | app=c:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe | 
"TCP Query User{52368DBC-74D3-44E2-94CE-EDFAC7F12F5C}C:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe | 
"TCP Query User{55F8C7F1-CD86-4D23-8826-2FD17445CC6F}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_12c3fa953f596ea8\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_12c3fa953f596ea8\movtec-server.exe | 
"TCP Query User{5BD20F8D-50C7-4312-9562-DCCF004B3037}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8ee8dd808e9bb0b2\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8ee8dd808e9bb0b2\movtec-server.exe | 
"TCP Query User{5CA3D0E6-A1DE-469C-9E74-49F26C34A949}C:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe | 
"TCP Query User{6159FD31-0108-4CEF-B7F5-B142FCAB6F3D}C:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
"TCP Query User{63E6168E-4C1D-4BAB-9228-8827FD13ED58}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe" = protocol=6 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe | 
"TCP Query User{6E661CC0-554C-42B2-BC3C-FB36DD3DEE5B}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6e999b4e14bdca86\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6e999b4e14bdca86\movtec-server.exe | 
"TCP Query User{710DA8AA-4F15-4F54-9F47-7ED32FF71A87}C:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe" = protocol=6 | dir=in | app=c:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe | 
"TCP Query User{7F4A5DFC-C8F7-422B-92C0-9A913C2FA737}D:\ralph-7-12-12\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe" = protocol=6 | dir=in | app=d:\ralph-7-12-12\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"TCP Query User{914FD0B0-811A-4555-9891-A1411DF15987}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe" = protocol=6 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe | 
"TCP Query User{992806BE-0FA9-439A-88E2-58DD44780DB3}C:\program files (x86)\tftpd32\tftpd32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tftpd32\tftpd32.exe | 
"TCP Query User{99F33376-EA1C-4390-8BD5-94C726F04518}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_867dd40c544b92a2\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_867dd40c544b92a2\movtec-server.exe | 
"TCP Query User{A81298B0-FC0A-4DF2-BE72-C475B89DB77F}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_857fb49558c32062\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_857fb49558c32062\movtec-server.exe | 
"TCP Query User{A84794D5-7548-49EE-BBD9-9E3BB1E99411}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\serv..tion_18ccce86e1e75ee0_0001.0000_eed615c9ffa4a41b\servertest.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\serv..tion_18ccce86e1e75ee0_0001.0000_eed615c9ffa4a41b\servertest.exe | 
"TCP Query User{AB4AFE20-CAA1-46A4-A7E9-EA6F6A2438CD}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_0b01210fd8f086a8\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_0b01210fd8f086a8\movtec-server.exe | 
"TCP Query User{B4AC2DB3-752F-4764-8071-EF0BE595DB57}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_877bf3834fd404e2\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_877bf3834fd404e2\movtec-server.exe | 
"TCP Query User{D1B91C3F-FF88-4BBE-B62F-D6106ABA2F8E}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6d9b7bd719355846\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6d9b7bd719355846\movtec-server.exe | 
"TCP Query User{D439364C-A7BD-4446-AB91-2D9DAD78AA13}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_7924680228b34506\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_7924680228b34506\movtec-server.exe | 
"TCP Query User{DA9E873C-4013-497D-8CFF-5D73D3B3128E}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 
"TCP Query User{E0853660-5A02-4BFA-BEF5-86365FF04614}C:\daten\pro2012\ralph-10-12-11\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe" = protocol=6 | dir=in | app=c:\daten\pro2012\ralph-10-12-11\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"TCP Query User{E169736F-A8CC-458D-A396-C3A49B5CFC68}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_93df7ad37845ebf2\movtec-server.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_93df7ad37845ebf2\movtec-server.exe | 
"TCP Query User{F9C144F2-AC47-40B2-BE45-6A838780F694}C:\users\klaus\appdata\local\temp\temp1_netscan_542.zip\64-bit\netscan.exe" = protocol=6 | dir=in | app=c:\users\klaus\appdata\local\temp\temp1_netscan_542.zip\64-bit\netscan.exe | 
"UDP Query User{026A11A9-599B-4414-8DD8-5C24B457E5C9}C:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
"UDP Query User{09EE01A8-E28C-47EB-8C93-FA9B4E93CC25}C:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe | 
"UDP Query User{1B3CBF96-FFBA-4109-9DE9-76864E53BB75}C:\program files (x86)\tftpd32\tftpd32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tftpd32\tftpd32.exe | 
"UDP Query User{2E302F32-1B00-4D2D-B5A3-E0FFA80A43D3}D:\ralph-7-12-12\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe" = protocol=17 | dir=in | app=d:\ralph-7-12-12\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"UDP Query User{3CCF14E9-A7A4-4595-BDC1-78BB5905BCEA}C:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe | 
"UDP Query User{4442C2C7-1413-4C18-9433-C5370F084B75}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe" = protocol=17 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe | 
"UDP Query User{47E67F6D-05CB-443B-A95D-3A6EA409DBBF}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_79d31a1c787d7d78\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_79d31a1c787d7d78\movtec-server.exe | 
"UDP Query User{51F825C5-75C0-4248-9BC9-C16233AF97E3}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe" = protocol=17 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe | 
"UDP Query User{5E1660EF-FDD8-4E59-BCFB-169893B8622C}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_71618e78c04e1e06\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_71618e78c04e1e06\movtec-server.exe | 
"UDP Query User{5ED8AC43-1318-481F-B67A-33ECF4EBF271}C:\users\klaus\appdata\local\temp\temp1_netscan_542.zip\64-bit\netscan.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\temp\temp1_netscan_542.zip\64-bit\netscan.exe | 
"UDP Query User{6E3EEA11-3CB3-46D9-A5EC-F3103BDFD8E2}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6d9b7bd719355846\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6d9b7bd719355846\movtec-server.exe | 
"UDP Query User{7390BC3C-E57B-43E4-A5AC-79F48250C3BE}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_7924680228b34506\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_7924680228b34506\movtec-server.exe | 
"UDP Query User{862A2A87-A02A-455C-824D-F52B3F1823C7}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_12c3fa953f596ea8\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_12c3fa953f596ea8\movtec-server.exe | 
"UDP Query User{86F252E7-5334-412D-8585-20AAE38CD3F8}C:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe" = protocol=17 | dir=in | app=c:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe | 
"UDP Query User{99A993B9-323F-41F5-B0E0-D0143C282695}C:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atmel\avr studio 5.0\avrstudio5.exe | 
"UDP Query User{ADD73807-4960-451A-BCF8-53C36A7C8E90}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8fe6fcf78a2422f2\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8fe6fcf78a2422f2\movtec-server.exe | 
"UDP Query User{B49196BA-E14A-41DE-B193-60F6754D2A81}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_867dd40c544b92a2\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_867dd40c544b92a2\movtec-server.exe | 
"UDP Query User{C2714009-74BA-44CB-9F5B-C6E3BFF814EB}C:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe" = protocol=17 | dir=in | app=c:\nxp\lpcxpresso_4.1.5_219\lpcxpresso\lpcxpresso.exe | 
"UDP Query User{C498C7E6-220D-4438-BE2B-20DD7CB757D3}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_857fb49558c32062\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_857fb49558c32062\movtec-server.exe | 
"UDP Query User{C6C22F73-51E7-4922-B5D5-9A817B9170B1}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe" = protocol=17 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\movtec-server.vshost.exe | 
"UDP Query User{CCAE8A0C-5B74-4002-AA72-1DBB4E2BBFD4}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6e999b4e14bdca86\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6e999b4e14bdca86\movtec-server.exe | 
"UDP Query User{D1ACD31C-FB47-4A2B-BA1E-65C73C94A690}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_0b01210fd8f086a8\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0001.0000_0b01210fd8f086a8\movtec-server.exe | 
"UDP Query User{D2E5EBF7-732C-4C04-A352-57FF15F449DB}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_93df7ad37845ebf2\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_93df7ad37845ebf2\movtec-server.exe | 
"UDP Query User{DC6E9BBC-A619-4DCE-A4FB-E321B828E353}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_877bf3834fd404e2\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_ee8a04d59b8dcc5f_0002.0003_877bf3834fd404e2\movtec-server.exe | 
"UDP Query User{E595B7FD-4604-4292-B37E-A402400E00E0}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6f97bac510463cc6\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_18ccce86e1e75ee0_0002.0002_6f97bac510463cc6\movtec-server.exe | 
"UDP Query User{E705957B-3A87-4218-868C-DD26B44ED9B7}C:\program files (x86)\tftpd32\tftpd32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tftpd32\tftpd32.exe | 
"UDP Query User{EC3EF22A-424B-4EF3-B24C-3110D2DCC83E}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 
"UDP Query User{ED2E8FF6-556F-4CAA-8406-E5AE8F35A6A0}C:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe" = protocol=17 | dir=in | app=c:\daten\pro2012\servertest\servertest\servertest\bin\debug\servertest.vshost.exe | 
"UDP Query User{EE0E6334-7992-4BED-A89D-22DDA6BBB7D1}C:\daten\pro2012\ralph-10-12-11\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe" = protocol=17 | dir=in | app=c:\daten\pro2012\ralph-10-12-11\rolitec-multiclient\rolitec\rolitec\bin\release\rolitec.vshost.exe | 
"UDP Query User{F31A9025-6639-4E18-AD30-C1D0557527DF}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\serv..tion_18ccce86e1e75ee0_0001.0000_eed615c9ffa4a41b\servertest.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\serv..tion_18ccce86e1e75ee0_0001.0000_eed615c9ffa4a41b\servertest.exe | 
"UDP Query User{F7C01CB2-B23C-4992-82BC-6BE2F14CA5CB}C:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8ee8dd808e9bb0b2\movtec-server.exe" = protocol=17 | dir=in | app=c:\users\klaus\appdata\local\apps\2.0\cmg9jowk.a64\kl5c47ta.5c2\movt..tion_0000000000000000_0002.0003_8ee8dd808e9bb0b2\movtec-server.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}" = VmciSockets
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{41C2B21A-63BB-4377-9567-A97B15F21E59}" = TOSHIBA eco Utility
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{568DB719-EC9F-4849-963C-7A0B44720A89}" = TortoiseOverlays
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CD0E9FFE-70DD-47E3-A7A5-750E9DE6F40B}" = JLink OB CDC Driver Package
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"6D4C34D12E9233ABADF9D04ADF9E288A7ECF3B5B" = Windows-Treiberpaket - Segger (jlink_ob_x64) USB  (03/13/2012 2.6.6.2)
"BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1" = Windows-Treiberpaket - SEGGER (usbser) Ports  (01/25/2012 6.0.2600.4)
"HHD Device Monitoring Studio 5.01" = HHD Software Device Monitoring Studio 6.23
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"XXClone" = XXClone  ver 2.01.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{AJD76SJ-35N7-lu12-9G97-86JQECXSJCGHS-1-60}}" = NanoPro 1.60
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.7
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2D423733-FCBC-4E27-B026-D6D973C6496F}" = Atmel Software Framework
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51CC3953-2D06-47FA-832A-B7FD24D01322}" = Atmel Studio 6.0
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E579724-82F9-454C-A98E-39DDDAB167FF}" = Intel(R) Rapid Start Technology
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{81625E71-471E-4D6F-9DC2-1D1361B7C7E1}_is1" = FME Flash Programming Tool for Fujitsu 32Bit FR Microcontroller
"{839C8799-AF0E-4D6D-A844-54779BDCB092}" = NetObjects Fusion 8
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{913546A0-219F-439E-A1EE-4D8E6B38FEBB}" = FUJITSU FLASH MCU Programmer for FR
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel(R) Identity Protection Technology 1.2.18.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}" = TOSHIBA ConfigFree
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = Atmel USB
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EDF0C1D5-D980-48F9-BA19-0ECEDEF8C5D4}" = VMware vCenter Converter Standalone
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F47455A0-B827-11E2-870C-984BE15F174E}" = Evernote v. 4.6.5
"{F4B25487-619C-4F40-BDF6-65044CC5CCD0}" = FR Family SOFTUNE Professional Pack V6
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"{jf934jf9-kf93-38dj-akw9-dke8saqw9273}" = NanoJEasy 1.04
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bazaar_is1" = Bazaar 2.4.2
"Digital Editions" = Adobe Digital Editions
"Disk Investigator" = Disk Investigator 1.61
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Chrome" = Google Chrome
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IrfanView" = IrfanView (remove only)
"LinuxLive USB Creator" = LinuxLive USB Creator
"LPCXpresso4_is1" = LPCXpresso
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSVC50" = Microsoft Visual C++ 5.0
"PC Wizard 2012_is1" = PC Wizard 2012.2.1
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"ST6UNST #1" = Dir Size View v1.0.0
"ST6UNST #2" = Dir Size View v1.0.0 (C:\Program Files (x86)\DirSizeView\)
"TeamViewer 8" = TeamViewer 8
"Tftpd32" = Tftpd32 Standalone Edition (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 2.0.0
"VMware_Player" = VMware Player
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.4
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2992699830-2983422617-984916726-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"294a50c8c7cbdb21" = CSChipID
"5d43ed9a4943854f" = SimpleHelloWelt
"97778746c6e95db3" = Movtec-Server
"e0b9e05583b293f3" = Movtec-Raster
"GoToMeeting" = GoToMeeting 5.4.0.1083
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.05.2013 04:37:27 | Computer Name = user-TOSH | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 29.05.2013 04:33:11 | Computer Name = user-TOSH | Source = DCOM | ID = 10010
Description = 
 
Error - 29.05.2013 04:35:29 | Computer Name = user-TOSH | Source = DCOM | ID = 10010
Description = 
 
Error - 29.05.2013 04:37:29 | Computer Name = user-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 29.05.2013 04:38:28 | Computer Name = user-TOSH | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         