| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.05.2013, 14:46
| #1 |
 |  Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam Hallo. Seit einiger Zeit fährt mein Laptop nur noch langsam hoch oder hängt sich kurzzeitig während des Gebrauchs auf. Ist auch nach dem hochfahren manchmal noch sehr langsam. Malwarebytes Antimalware findet nix und Kaspersky CBE 12 auch nicht. Ich glaube ich habe ein Virus oder ähnliches,weil das alles erst ist als ich einen dummen Fehler begang und ein Spiel öffnete namens "Alien Breed",daß ich von einem Bekannten hatte. Habe schon ein paar Massnahmen getroffen,wie alles von dem Spiel zu löschen und den Registry-Schlüssel von dem Spiel gelöscht habe. Und in dem Registry Schlüssel "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication" den Eintrag "AlienBreed.exe" in den vorherigen Eintrag(mir zuletzt bekannten) "setup.exe" umgewandelt habe. Hat alles nicht geholfen. Bitte nicht wundern über die Event Log Einträge "Windows konnte nicht ordnungsgemäß herunterfahren",weil ich weiß das das von Kaspersky kommt. Ist ein anderes Problem das ich wohl mit Kaspersky klären muß. Hier die geforderten Logs: OTL : Code:
ATTFilter OTL logfile created on: 04.05.2013 13:05:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OLI\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 63,57% Memory free 5,49 Gb Paging File | 3,89 Gb Available in Paging File | 70,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 95,08 Gb Free Space | 63,79% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.04 13:02:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLI\Downloads\OTL.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.12.24 07:55:20 | 005,865,289 | ---- | M] () -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe PRC - [2010.08.27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe PRC - [2010.08.15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2010.05.01 17:55:36 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe ========== Modules (No Company Name) ========== MOD - [2012.04.10 19:18:26 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtgui4.dll MOD - [2012.04.10 19:18:24 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtscript4.dll MOD - [2012.04.10 19:18:22 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtsql4.dll MOD - [2012.04.10 19:18:20 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtcore4.dll MOD - [2012.04.10 19:18:20 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtnetwork4.dll MOD - [2012.04.10 19:18:18 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.07.27 22:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2013.04.12 00:08:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.11 22:51:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2012.05.26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5) SRV - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010.12.24 07:55:20 | 005,865,289 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe -- (usbglcsservice) SRV - [2010.08.27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010.05.25 21:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.11.11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.02 20:27:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.06.02 20:27:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.05.26 20:34:16 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.02.23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010.12.24 07:55:17 | 000,024,064 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbglcs1080101.sys -- (usbglcs1080101) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.10 20:25:26 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2010.07.27 23:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.07.27 22:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.12.22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2009.12.22 04:31:04 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.09.19 07:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2009.09.19 07:30:14 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:64bit: - [2009.09.19 07:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2009.09.19 07:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.22 21:01:16 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.22 20:38:34 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 20:26:40 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.10 17:59:32 | 000,024,576 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys -- (KMWDFILTERV1) DRV:64bit: - [2009.05.05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009.12.22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {68840E18-4E84-4C21-8147-D29F61851A09} IE:64bit: - HKLM\..\SearchScopes\{68840E18-4E84-4C21-8147-D29F61851A09}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36} IE - HKLM\..\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q={searchTerms} IE - HKLM\..\SearchScopes\{F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?ocid=ie9hphttp [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9} IE - HKCU\..\SearchScopes\{14509999-C769-43BA-A81E-CDCAC7E330C1}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{32A8E952-D9B3-4AD0-8DBC-04B748D79EE7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKCU\..\SearchScopes\{679FE04A-A103-48FC-AA4D-F152BBE669F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.5 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q=" FF - prefs.js..network.proxy.ftp: "77.48.30.205" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "77.48.30.205" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "77.48.30.205" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "77.48.30.205" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OLI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.01 15:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.01 15:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.01 15:58:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M] [2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions [2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2013.04.24 03:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions [2011.12.30 20:52:15 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions\jyboy.yy@gmail.com [2012.05.19 17:12:23 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\check-compatibility@dactyl.googlecode.com.xpi [2013.04.21 22:41:55 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\compatibility@addons.mozilla.org.xpi [2013.04.04 03:45:22 | 000,281,174 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\download_mp3@dilandau.eu.xpi [2013.01.27 00:18:55 | 000,194,374 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\plugin@filsh.net.xpi [2013.02.11 03:25:56 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\stealthyextension@gmail.com.xpi [2013.04.24 03:31:14 | 000,223,761 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2013.02.14 16:44:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.13 06:59:54 | 000,001,743 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\music-downloader.xml [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\startsear.xml [2011.09.13 07:03:37 | 000,001,912 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\videosurf.xml [2011.09.13 07:01:12 | 000,004,140 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\youtube.xml [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013.04.11 22:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.11 22:51:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.12 10:54:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.12 10:54:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.12 10:54:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.12 10:54:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.12 10:54:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.12 10:54:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.30 04:00:07 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe (IObit) O4 - HKCU..\Run: [XBGameingMouse] C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC774E8-9E9A-41F7-AF63-81DCAA31AC0C}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80F761BC-69FB-48E7-A0C8-5E72CEA4C0A3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E29FADF-7A39-4411-BC48-A23AC19D53D9}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A37F83FD-0ECF-4EA3-8D73-87835C07ACD8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4466a1ba-1753-11e0-99c1-88ae1dfea539}\Shell - "" = AutoRun O33 - MountPoints2\{4466a1ba-1753-11e0-99c1-88ae1dfea539}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4466a1c5-1753-11e0-99c1-88ae1dfea539}\Shell - "" = AutoRun O33 - MountPoints2\{4466a1c5-1753-11e0-99c1-88ae1dfea539}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{cd1dcd6c-18e3-11e0-aa39-001e101f1838}\Shell - "" = AutoRun O33 - MountPoints2\{cd1dcd6c-18e3-11e0-aa39-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.02 19:56:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.30 11:34:10 | 000,000,000 | ---D | C] -- C:\Users\OLI\AppData\Roaming\dvdcss [2013.04.21 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.21 21:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.11 22:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.09 07:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.04 12:59:18 | 000,000,000 | ---- | M] () -- C:\Users\OLI\defogger_reenable [2013.05.04 12:55:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000UA.job [2013.05.04 12:36:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.04 12:34:22 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.04 12:34:22 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.04 12:30:24 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.04 12:30:24 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.04 12:30:24 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.04 12:30:24 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.04 12:30:24 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.04 12:26:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.04 12:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.04 12:25:05 | 2211,205,120 | -HS- | M] () -- C:\hiberfil.sys [2013.05.04 12:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.04 06:55:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000Core.job [2013.04.30 18:41:21 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.30 04:44:58 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.11 01:50:16 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.04 12:59:18 | 000,000,000 | ---- | C] () -- C:\Users\OLI\defogger_reenable [2013.02.15 04:42:19 | 000,256,947 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe [2012.12.10 11:09:08 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.26 20:37:10 | 000,017,408 | ---- | C] () -- C:\Users\OLI\AppData\Local\WebpageIcons.db [2012.03.19 13:44:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.12.14 05:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe [2011.05.23 06:17:06 | 000,000,265 | ---- | C] () -- C:\Windows\game.ini [2011.01.20 21:00:32 | 000,007,599 | ---- | C] () -- C:\Users\OLI\AppData\Local\resmon.resmoncfg [2011.01.03 19:53:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.02.07 20:56:04 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Broken Sword 2.5 [2011.01.06 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011.11.27 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\IObit [2011.01.08 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\PC Suite [2011.01.10 19:51:01 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\PlayFirst [2012.11.04 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\POINTERGHOSTV1 [2012.10.28 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\QLDT [2011.05.11 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Sahmon Games [2011.01.31 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Samsung [2013.04.30 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\SoftGrid Client [2011.01.05 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Toshiba [2011.01.10 08:13:29 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\TP [2013.05.04 03:54:39 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\TS3Client [2011.01.17 21:46:59 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\WinBatch [2012.05.30 02:26:45 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Windows Live Writer [2011.09.18 18:30:28 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.05.2013 13:05:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OLI\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 63,57% Memory free
5,49 Gb Paging File | 3,89 Gb Available in Paging File | 70,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 95,08 Gb Free Space | 63,79% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1211D7D6-908C-462B-AA78-AE3830902511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1DD11942-7A6F-42AC-9773-EC8361AA416F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1EC5BCA6-F3B4-49F1-9B2C-FBD9F7892F8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F4A363A-124C-41AF-8371-859378FDBC9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{39196980-25E9-41A3-B8FE-21CDE2ACD24C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A51B552-3E73-4EEA-9864-CAF1A7A00425}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50F7DD02-FFAF-4CB1-B179-80CD2693EE95}" = lport=137 | protocol=17 | dir=in | app=system |
"{53821D93-1BCE-480C-BF0C-C17DF272AA18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{586D1FB6-2A07-4C68-9829-939236537700}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D13920E-5AB5-4302-ABDA-584EF0CED3D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{65147306-555D-483C-B65C-04E8E798EAAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{78DB3E3D-D768-4B94-8CB4-FDB28B5F40F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CD525F6-35C5-45B2-BE42-3B0C85C90A71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B48888E-5C62-4742-AC04-407DE0AB04A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9A534B4E-3184-40BD-A30E-23B5A85B66D4}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F046C08-0CD5-4580-BCF0-85A879819D80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA302B03-39FB-445D-9849-C0742FB0002F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C253D039-3B00-462D-AE0E-D268C4017FA2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C8DF7340-8159-4C2F-9E53-D11356BA41DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D687C250-333F-403B-9864-31B8A1E737DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{E08610B7-AF8B-4E6B-8410-A3AEE6D26E5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5120809-1EBF-4196-A473-CE47B057A645}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE601E16-D352-44A7-A325-1F0A8F0294BE}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066B6764-1F20-461B-AA1D-565A9DFA2E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{0FA44BAF-A3F7-4CB1-83E0-FE18831309A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{16668A7D-8A46-4A7B-9D31-613B8A58F20C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{253F5739-D4CE-48A2-8769-9BA7FD164694}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2D54B855-24E9-41F0-BD50-10F069BD27CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36EECCEA-A5A6-4B62-BD4D-C3112ABAE12E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39301E41-3919-42DF-AB44-727979F26393}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{3ABFF15A-A630-4135-9867-23F5DF19487A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41564087-A844-47E2-8BE5-F18FDB56FE61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C38120C-8647-4D00-B726-A1DCC7BCBAAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57C96228-5D68-4558-8B44-DB3E305B9188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61547546-893E-434F-9FBD-C6294B8F727D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6BB98B3A-7580-45E4-91FA-92E12A99A499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FFE608B-67CF-457C-9465-53AA7B32ABCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76381093-71D7-448B-B0AC-FB70F54A7924}" = protocol=6 | dir=out | app=system |
"{784A83C3-2258-4F7C-ABF3-2A4A328AA5DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78EC69CE-053F-412B-AC28-2722B66C0E4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7D1DE0BE-79F8-46FF-B38F-78EBFCDC06E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{915C0F03-2DA0-4DC2-81F7-BE59D151A627}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94275EC7-C437-4517-9116-C7993D2F5A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB930DAB-D69F-4979-98F5-F8121B99882F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ADEFF3B4-83D0-41E6-A139-EE06EEF2337B}" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B94911F1-D56F-4189-8016-547F33583E2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C19AAA2A-1D4A-4136-9086-A9858DAD82A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1DDB058-B9F7-4D18-9876-45FCC8245389}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C66C1C97-0E3E-4C41-858D-46AE51949703}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D6C704B5-13D9-4E85-BFF6-09A8211F59D6}" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{1D3F0D53-F812-4346-91F9-7482DE757A31}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{2DEB07CC-C537-481A-9346-131597109249}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{6B9258EA-9CD3-4823-B59D-0AA1D2EBE00A}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe |
"TCP Query User{7D63FFF2-75D6-46AF-B261-0ABA263B37D7}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{785F008C-33A0-482E-A5A9-2944504347F1}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{909B5985-1F84-440A-96AE-E0453AD62E31}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe |
"UDP Query User{AAA0D1E3-1C2A-4144-A989-CD077071C71F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{C8B1DD81-E506-4D4E-9975-F46C579D115A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}" = ATI Catalyst Install Manager
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CC3F8680-2A8A-95B1-584E-EA4BDE0DF783}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0CB6FBBE-71FC-7AE1-0506-AF2DFAAB5F99}" = CCC Help Finnish
"{0DCDE91E-ACD7-A105-A713-CF3C22BC1EF7}" = CCC Help Portuguese
"{0E4D665E-0441-D356-1B61-4FDCE2122F54}" = CCC Help Danish
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3AB215C2-0BE4-EC89-A90A-FA54B7C03E0A}" = CCC Help Chinese Traditional
"{3B2AFF45-1C2E-E544-A480-A9CA43FC8977}" = Catalyst Control Center Localization All
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E70F662-B29D-FE4E-D31D-0D088AB3C42E}" = CCC Help German
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40C17193-BC19-CB9F-35DA-A44F9B6A520F}" = Catalyst Control Center Graphics Previews Common
"{418E42D7-E8D0-1953-B7ED-9D75149D64D5}" = CCC Help Turkish
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CE1803-BA5B-F103-47E8-296CD40EB98C}" = Photo Service - powered by myphotobook
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F8EBB31-EB6A-7C7A-40ED-57F2841998EB}" = CCC Help Czech
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64E65803-D18A-D799-01A9-69ACB8B49B5E}" = CCC Help Italian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{85A87BCB-C8A1-179D-231D-D77C2462394F}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95CFDCE3-0AE1-01F5-D9C8-D5016C49D2D9}" = CCC Help Hungarian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC701E9-79FB-19EB-907C-33730D6D9450}" = Catalyst Control Center Graphics Previews Vista
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A920CC75-A1F8-4275-6CBF-0B7817AF364E}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B10364A6-B6BD-9F06-BF50-A779FBE803F4}" = CCC Help Polish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D136FCBA-7D93-DA4E-ED4D-024ACA891E70}" = CCC Help Japanese
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5F7D473-4819-D77B-E5A8-4B1569C47A2D}" = CCC Help Korean
"{D7397487-E01A-6ACE-C24E-BB19469B9FDE}" = CCC Help Swedish
"{DB928E9C-4C6B-DDF4-0748-C4D542A75E95}" = CCC Help Chinese Standard
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.9
"{DDC8362F-D041-6C5E-0221-E23CF71C73AE}" = CCC Help Spanish
"{DDDD6410-C2B9-7BC7-3A93-0D155AE07E25}" = Catalyst Control Center InstallProxy
"{DEC74752-09D3-309D-72B6-40114F57B223}" = CCC Help Russian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
"{EC8D0634-4567-DBD4-97B2-F8C879F7DBF8}" = CCC Help English
"{F0483BEB-E626-E306-DFBD-D3A1E582BF43}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2431B40-5D69-BBB8-F20B-4F28D8ED563E}" = CCC Help Thai
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F4AECBDF-6985-E352-7392-152A0570573E}" = CCC Help Greek
"{F5A6CC63-2BED-914D-04E5-1702471E675D}" = ccc-core-static
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"BILDmobil" = BILDmobil
"Bridge Construction Set_is1" = Bridge Construction Set 1.3.9.1
"CloneCD" = CloneCD
"Das Quiz mit Jörg Pilawa Special" = Das Quiz mit Jörg Pilawa Special
"Die Wiege Roms" = Die Wiege Roms
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ELECOM E-Force Laser Gaming Mouse14101" = ELECOM E-Force Laser Gaming Mouse
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Game Booster_is1" = Game Booster 3
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"QLDT" = Quake Live Demo Tools
"QLPrism" = QLPrism
"SopCast" = SopCast 3.5.0
"Star Sword_is1" = Star Sword
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.09.2012 22:59:16 | Computer Name = Liebert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VLC 64bit.exe, Version: 2.0.2.0,
Zeitstempel: 0x4fec5841 Name des fehlerhaften Moduls: libpostproc_plugin.dll, Version:
0.0.0.0, Zeitstempel: 0x4fec5857 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000002c61
ID
des fehlerhaften Prozesses: 0x9cc Startzeit der fehlerhaften Anwendung: 0x01cd8ca3acc74c21
Pfad
der fehlerhaften Anwendung: C:\Users\OLI\Downloads\vlc-2.0.2\VLC 64bit.exe Pfad
des fehlerhaften Moduls: C:\Users\OLI\Downloads\vlc-2.0.2\plugins\video_filter\libpostproc_plugin.dll
Berichtskennung:
0215a03c-f898-11e1-9d2e-88ae1dfea539
Error - 09.09.2012 17:05:04 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 17.09.2012 06:25:20 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 24.09.2012 16:41:27 | Computer Name = Liebert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XMedia Recode.exe, Version: 3.1.2.5,
Zeitstempel: 0x504e33a6 Name des fehlerhaften Moduls: XMedia Recode.exe, Version:
3.1.2.5, Zeitstempel: 0x504e33a6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000370a
ID
des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0x01cd9a92c6cf8b6f
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe
Berichtskennung:
361efa99-0688-11e2-a974-88ae1dfea539
Error - 28.09.2012 21:20:54 | Computer Name = Liebert | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Plugin Container for Firefox" konnte
nicht heruntergefahren werden.
Error - 28.09.2012 22:46:15 | Computer Name = Liebert | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren
werden.
Error - 01.10.2012 05:08:23 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 07.10.2012 13:57:30 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 14.10.2012 14:34:45 | Computer Name = Liebert | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.1.4666,
Zeitstempel: 0x5076192e Name des fehlerhaften Moduls: xul.dll, Version: 16.0.1.4666,
Zeitstempel: 0x50761893 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000be717 ID des fehlerhaften
Prozesses: 0xe34 Startzeit der fehlerhaften Anwendung: 0x01cdaa33f8523935 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
d2f6b52e-162d-11e2-b57b-88ae1dfea539
Error - 14.10.2012 15:16:32 | Computer Name = Liebert | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ Media Center Events ]
Error - 15.02.2011 02:57:44 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 07:57:44 - Fehler beim Herstellen der Internetverbindung. 07:57:44
- Serververbindung konnte nicht hergestellt werden..
Error - 15.02.2011 02:57:57 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 07:57:49 - Fehler beim Herstellen der Internetverbindung. 07:57:49
- Serververbindung konnte nicht hergestellt werden..
Error - 16.02.2011 16:45:15 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 21:45:15 - Fehler beim Herstellen der Internetverbindung. 21:45:15
- Serververbindung konnte nicht hergestellt werden..
Error - 16.02.2011 16:45:26 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 21:45:21 - Fehler beim Herstellen der Internetverbindung. 21:45:21
- Serververbindung konnte nicht hergestellt werden..
Error - 16.02.2011 17:45:31 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 22:45:31 - Fehler beim Herstellen der Internetverbindung. 22:45:31
- Serververbindung konnte nicht hergestellt werden..
Error - 16.02.2011 17:45:37 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 22:45:36 - Fehler beim Herstellen der Internetverbindung. 22:45:36
- Serververbindung konnte nicht hergestellt werden..
Error - 17.03.2011 15:05:40 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:05:40 - Fehler beim Herstellen der Internetverbindung. 20:05:40
- Serververbindung konnte nicht hergestellt werden..
Error - 17.03.2011 15:05:51 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:05:45 - Fehler beim Herstellen der Internetverbindung. 20:05:45
- Serververbindung konnte nicht hergestellt werden..
Error - 27.06.2011 14:01:58 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:01:58 - Fehler beim Herstellen der Internetverbindung. 20:01:58
- Serververbindung konnte nicht hergestellt werden..
Error - 27.06.2011 14:02:08 | Computer Name = Liebert | Source = MCUpdate | ID = 0
Description = 20:02:03 - Fehler beim Herstellen der Internetverbindung. 20:02:03
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 03.05.2013 07:09:59 | Computer Name = Liebert | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?05.?2013 um 13:08:53 unerwartet heruntergefahren.
Error - 03.05.2013 07:10:45 | Computer Name = Liebert | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 03.05.2013 07:10:45 | Computer Name = Liebert | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 03.05.2013 07:55:53 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Software Protection erreicht.
Error - 03.05.2013 07:55:53 | Computer Name = Liebert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 04.05.2013 00:30:59 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error - 04.05.2013 05:55:17 | Computer Name = Liebert | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht
richtig gestartet.
Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = DCOM | ID = 10005
Description =
Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft-Softwareschattenkopie-Anbieter erreicht.
Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-04 14:41:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 TOSHIBA_ rev.GH10 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\OLI\AppData\Local\Temp\ufddapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fee000 63 bytes [00, EC, F6, 02, 80, FA, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002fee042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fb1465 2 bytes [FB, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fb14bb 2 bytes [FB, 74]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1040:1176] 000007fefb6a8274
Thread C:\Windows\system32\svchost.exe [1040:3788] 000007fefb6a8274
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2724] 000000007175102d
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2732] 000000007145f1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2740] 000000007145f1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2744] 00000000714555d3
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:3044] 00000000716fc159
Thread C:\Windows\system32\taskhost.exe [3768:4004] 000007fef4a12740
Thread C:\Windows\system32\taskhost.exe [3768:4052] 000007fef49f1f38
Thread C:\Windows\system32\taskhost.exe [3768:3852] 000007fefb991010
---- EOF - GMER 2.1 ----
|
| Themen zu Mein Laptop fährt nur noch langsam hoch bzw. ist während des Gebrauchs sehr langsam |
| 7-zip, adobe reader xi, autorun, bho, bingbar, error, fehler, firefox, flash player, helper, home, hängt, kaspersky, langsam, logfile, microsoft office starter 2010, mmc.exe, mozilla, mp3, plug-in, problem, realtek, richtlinie, rundll, scan, security, sehr langsam, software, svchost.exe, systemcare, taskhost.exe, tastatur, teamspeak, virus, windows |
Baum-Darstellung