Pests of all kinds and how to combat them: My laptop now only boots slowly, or is very slow during use (Windows 7)
04.05.2013, 14:46 | #1 |
Hello. For some time now my laptop has only been booting slowly, or it briefly freezes during use. Sometimes it is still very slow even after booting. Malwarebytes Anti-Malware finds nothing, and neither does Kaspersky CBE 12. I think I have a virus or something similar, because all of this only started after I made a stupid mistake and opened a game called "Alien Breed" that I had got from an acquaintance.

I have already taken a few measures, such as deleting everything belonging to the game and deleting the game's registry key. And in the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication" I changed the entry "AlienBreed.exe" back to the previous entry (the last one known to me), "setup.exe". None of it helped.

Please don't be surprised by the event log entries "Windows could not shut down properly", because I know that comes from Kaspersky. That is a separate problem which I will probably have to sort out with Kaspersky.

Here are the requested logs:

OTL:
Code:
ATTFilter OTL logfile created on: 04.05.2013 13:05:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OLI\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 63,57% Memory free 5,49 Gb Paging File | 3,89 Gb Available in Paging File | 70,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 95,08 Gb Free Space | 63,79% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.04 13:02:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLI\Downloads\OTL.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.12.24 07:55:20 | 005,865,289 | ---- | M] () -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe PRC - [2010.08.27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe PRC - [2010.08.15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2010.05.01 17:55:36 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) 
-- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe ========== Modules (No Company Name) ========== MOD - [2012.04.10 19:18:26 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtgui4.dll MOD - [2012.04.10 19:18:24 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtscript4.dll MOD - [2012.04.10 19:18:22 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtsql4.dll MOD - [2012.04.10 19:18:20 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtcore4.dll MOD - [2012.04.10 19:18:20 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtnetwork4.dll MOD - [2012.04.10 19:18:18 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.07.27 22:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2013.04.12 00:08:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.11 22:51:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe 
Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2012.05.26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5) SRV - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010.12.24 07:55:20 | 005,865,289 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe -- (usbglcsservice) SRV - [2010.08.27 18:20:14 | 001,811,456 | ---- | M] (Realsil Microelectronics Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010.05.25 21:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.11.11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) 
[Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.02 20:27:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.06.02 20:27:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.05.26 20:34:16 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) 
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.02.23 17:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010.12.24 07:55:17 | 000,024,064 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbglcs1080101.sys -- (usbglcs1080101) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.10 20:25:26 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter) DRV:64bit: - [2010.07.27 23:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.07.27 22:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2010.03.10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.01.07 10:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.12.22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2009.12.22 04:31:04 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.09.19 07:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2009.09.19 07:30:14 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:64bit: - [2009.09.19 07:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2009.09.19 07:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.22 21:01:16 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.22 20:38:34 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 20:26:40 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.10 17:59:32 | 000,024,576 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys -- (KMWDFILTERV1) DRV:64bit: - [2009.05.05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009.12.22 04:31:26 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {68840E18-4E84-4C21-8147-D29F61851A09} IE:64bit: - HKLM\..\SearchScopes\{68840E18-4E84-4C21-8147-D29F61851A09}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36} IE - HKLM\..\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q={searchTerms} IE - HKLM\..\SearchScopes\{F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?ocid=ie9hphttp [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9} IE - HKCU\..\SearchScopes\{14509999-C769-43BA-A81E-CDCAC7E330C1}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{32A8E952-D9B3-4AD0-8DBC-04B748D79EE7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKCU\..\SearchScopes\{679FE04A-A103-48FC-AA4D-F152BBE669F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.5 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q=" FF - prefs.js..network.proxy.ftp: "77.48.30.205" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "77.48.30.205" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "77.48.30.205" FF - 
prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "77.48.30.205" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OLI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.01 15:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.01 15:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.01 15:58:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M] [2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions [2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2013.04.24 03:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions [2011.12.30 20:52:15 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions\jyboy.yy@gmail.com [2012.05.19 17:12:23 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\check-compatibility@dactyl.googlecode.com.xpi [2013.04.21 22:41:55 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\compatibility@addons.mozilla.org.xpi [2013.04.04 03:45:22 | 000,281,174 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\download_mp3@dilandau.eu.xpi [2013.01.27 00:18:55 | 000,194,374 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\plugin@filsh.net.xpi [2013.02.11 03:25:56 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\stealthyextension@gmail.com.xpi [2013.04.24 03:31:14 | 000,223,761 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi 
[2013.02.14 16:44:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.13 06:59:54 | 000,001,743 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\music-downloader.xml [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\startsear.xml [2011.09.13 07:03:37 | 000,001,912 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\videosurf.xml [2011.09.13 07:01:12 | 000,004,140 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\youtube.xml [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013.04.11 22:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.11 22:51:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.12 10:54:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.12 10:54:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.12 10:54:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.12 10:54:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.12 10:54:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.12 10:54:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.30 04:00:07 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. 
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe (IObit)
O4 - HKCU..\Run: [XBGameingMouse] C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC774E8-9E9A-41F7-AF63-81DCAA31AC0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80F761BC-69FB-48E7-A0C8-5E72CEA4C0A3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E29FADF-7A39-4411-BC48-A23AC19D53D9}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A37F83FD-0ECF-4EA3-8D73-87835C07ACD8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4466a1ba-1753-11e0-99c1-88ae1dfea539}\Shell - "" = AutoRun
O33 - MountPoints2\{4466a1ba-1753-11e0-99c1-88ae1dfea539}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4466a1c5-1753-11e0-99c1-88ae1dfea539}\Shell - "" = AutoRun
O33 - MountPoints2\{4466a1c5-1753-11e0-99c1-88ae1dfea539}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cd1dcd6c-18e3-11e0-aa39-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{cd1dcd6c-18e3-11e0-aa39-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.02 19:56:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.30 11:34:10 | 000,000,000 | ---D | C] -- C:\Users\OLI\AppData\Roaming\dvdcss
[2013.04.21 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.21 21:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.11 22:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.09 07:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.04 12:59:18 | 000,000,000 | ---- | M] () -- C:\Users\OLI\defogger_reenable
[2013.05.04 12:55:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000UA.job
[2013.05.04 12:36:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 12:34:22 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:34:22 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:30:24 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 12:30:24 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 12:30:24 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 12:30:24 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 12:30:24 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 12:26:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 12:25:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 12:25:05 | 2211,205,120 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 12:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.04 06:55:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000Core.job
[2013.04.30 18:41:21 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 04:44:58 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.11 01:50:16 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.04 12:59:18 | 000,000,000 | ---- | C] () -- C:\Users\OLI\defogger_reenable
[2013.02.15 04:42:19 | 000,256,947 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe
[2012.12.10 11:09:08 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.26 20:37:10 | 000,017,408 | ---- | C] () -- C:\Users\OLI\AppData\Local\WebpageIcons.db
[2012.03.19 13:44:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.12.14 05:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe
[2011.05.23 06:17:06 | 000,000,265 | ---- | C] () -- C:\Windows\game.ini
[2011.01.20 21:00:32 | 000,007,599 | ---- | C] () -- C:\Users\OLI\AppData\Local\resmon.resmoncfg
[2011.01.03 19:53:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.02.07 20:56:04 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Broken Sword 2.5
[2011.01.06 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.11.27 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\IObit
[2011.01.08 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\PC Suite
[2011.01.10 19:51:01 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\PlayFirst
[2012.11.04 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\POINTERGHOSTV1
[2012.10.28 17:57:34 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\QLDT
[2011.05.11 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Sahmon Games
[2011.01.31 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Samsung
[2013.04.30 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\SoftGrid Client
[2011.01.05 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Toshiba
[2011.01.10 08:13:29 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\TP
[2013.05.04 03:54:39 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\TS3Client
[2011.01.17 21:46:59 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\WinBatch
[2012.05.30 02:26:45 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\Windows Live Writer
[2011.09.18 18:30:28 | 000,000,000 | ---D | M] -- C:\Users\OLI\AppData\Roaming\XMedia Recode

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT

< End of report >

Code:
OTL Extras logfile created on: 04.05.2013 13:05:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OLI\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 63,57% Memory free
5,49 Gb Paging File | 3,89 Gb Available in Paging File | 70,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 95,08 Gb Free Space | 63,79% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS

Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1211D7D6-908C-462B-AA78-AE3830902511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1DD11942-7A6F-42AC-9773-EC8361AA416F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1EC5BCA6-F3B4-49F1-9B2C-FBD9F7892F8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F4A363A-124C-41AF-8371-859378FDBC9B}" = lport=445 | protocol=6 | dir=in | app=system |
"{39196980-25E9-41A3-B8FE-21CDE2ACD24C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A51B552-3E73-4EEA-9864-CAF1A7A00425}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50F7DD02-FFAF-4CB1-B179-80CD2693EE95}" = lport=137 | protocol=17 | dir=in | app=system |
"{53821D93-1BCE-480C-BF0C-C17DF272AA18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{586D1FB6-2A07-4C68-9829-939236537700}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D13920E-5AB5-4302-ABDA-584EF0CED3D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{65147306-555D-483C-B65C-04E8E798EAAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{78DB3E3D-D768-4B94-8CB4-FDB28B5F40F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CD525F6-35C5-45B2-BE42-3B0C85C90A71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B48888E-5C62-4742-AC04-407DE0AB04A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9A534B4E-3184-40BD-A30E-23B5A85B66D4}" = lport=139 | protocol=6 | dir=in | app=system |
"{9F046C08-0CD5-4580-BCF0-85A879819D80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA302B03-39FB-445D-9849-C0742FB0002F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C253D039-3B00-462D-AE0E-D268C4017FA2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C8DF7340-8159-4C2F-9E53-D11356BA41DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D687C250-333F-403B-9864-31B8A1E737DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{E08610B7-AF8B-4E6B-8410-A3AEE6D26E5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5120809-1EBF-4196-A473-CE47B057A645}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE601E16-D352-44A7-A325-1F0A8F0294BE}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066B6764-1F20-461B-AA1D-565A9DFA2E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{0FA44BAF-A3F7-4CB1-83E0-FE18831309A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{16668A7D-8A46-4A7B-9D31-613B8A58F20C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{253F5739-D4CE-48A2-8769-9BA7FD164694}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2D54B855-24E9-41F0-BD50-10F069BD27CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36EECCEA-A5A6-4B62-BD4D-C3112ABAE12E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39301E41-3919-42DF-AB44-727979F26393}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{3ABFF15A-A630-4135-9867-23F5DF19487A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41564087-A844-47E2-8BE5-F18FDB56FE61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C38120C-8647-4D00-B726-A1DCC7BCBAAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57C96228-5D68-4558-8B44-DB3E305B9188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61547546-893E-434F-9FBD-C6294B8F727D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6BB98B3A-7580-45E4-91FA-92E12A99A499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FFE608B-67CF-457C-9465-53AA7B32ABCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76381093-71D7-448B-B0AC-FB70F54A7924}" = protocol=6 | dir=out | app=system |
"{784A83C3-2258-4F7C-ABF3-2A4A328AA5DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78EC69CE-053F-412B-AC28-2722B66C0E4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7D1DE0BE-79F8-46FF-B38F-78EBFCDC06E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{915C0F03-2DA0-4DC2-81F7-BE59D151A627}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94275EC7-C437-4517-9116-C7993D2F5A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB930DAB-D69F-4979-98F5-F8121B99882F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ADEFF3B4-83D0-41E6-A139-EE06EEF2337B}" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B94911F1-D56F-4189-8016-547F33583E2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C19AAA2A-1D4A-4136-9086-A9858DAD82A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1DDB058-B9F7-4D18-9876-45FCC8245389}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C66C1C97-0E3E-4C41-858D-46AE51949703}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D6C704B5-13D9-4E85-BFF6-09A8211F59D6}" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{1D3F0D53-F812-4346-91F9-7482DE757A31}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{2DEB07CC-C537-481A-9346-131597109249}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{6B9258EA-9CD3-4823-B59D-0AA1D2EBE00A}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe |
"TCP Query User{7D63FFF2-75D6-46AF-B261-0ABA263B37D7}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{785F008C-33A0-482E-A5A9-2944504347F1}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{909B5985-1F84-440A-96AE-E0453AD62E31}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe |
"UDP Query User{AAA0D1E3-1C2A-4144-A989-CD077071C71F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{C8B1DD81-E506-4D4E-9975-F46C579D115A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}" = ATI Catalyst Install Manager
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CC3F8680-2A8A-95B1-584E-EA4BDE0DF783}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0CB6FBBE-71FC-7AE1-0506-AF2DFAAB5F99}" = CCC Help Finnish
"{0DCDE91E-ACD7-A105-A713-CF3C22BC1EF7}" = CCC Help Portuguese
"{0E4D665E-0441-D356-1B61-4FDCE2122F54}" = CCC Help Danish
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3AB215C2-0BE4-EC89-A90A-FA54B7C03E0A}" = CCC Help Chinese Traditional
"{3B2AFF45-1C2E-E544-A480-A9CA43FC8977}" = Catalyst Control Center Localization All
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E70F662-B29D-FE4E-D31D-0D088AB3C42E}" = CCC Help German
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40C17193-BC19-CB9F-35DA-A44F9B6A520F}" = Catalyst Control Center Graphics Previews Common
"{418E42D7-E8D0-1953-B7ED-9D75149D64D5}" = CCC Help Turkish
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CE1803-BA5B-F103-47E8-296CD40EB98C}" = Photo Service - powered by myphotobook
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F8EBB31-EB6A-7C7A-40ED-57F2841998EB}" = CCC Help Czech
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{64E65803-D18A-D799-01A9-69ACB8B49B5E}" = CCC Help Italian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{85A87BCB-C8A1-179D-231D-D77C2462394F}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95CFDCE3-0AE1-01F5-D9C8-D5016C49D2D9}" = CCC Help Hungarian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC701E9-79FB-19EB-907C-33730D6D9450}" = Catalyst Control Center Graphics Previews Vista
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A920CC75-A1F8-4275-6CBF-0B7817AF364E}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B10364A6-B6BD-9F06-BF50-A779FBE803F4}" = CCC Help Polish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D136FCBA-7D93-DA4E-ED4D-024ACA891E70}" = CCC Help Japanese
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5F7D473-4819-D77B-E5A8-4B1569C47A2D}" = CCC Help Korean
"{D7397487-E01A-6ACE-C24E-BB19469B9FDE}" = CCC Help Swedish
"{DB928E9C-4C6B-DDF4-0748-C4D542A75E95}" = CCC Help Chinese Standard
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.9
"{DDC8362F-D041-6C5E-0221-E23CF71C73AE}" = CCC Help Spanish
"{DDDD6410-C2B9-7BC7-3A93-0D155AE07E25}" = Catalyst Control Center InstallProxy
"{DEC74752-09D3-309D-72B6-40114F57B223}" = CCC Help Russian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
"{EC8D0634-4567-DBD4-97B2-F8C879F7DBF8}" = CCC Help English
"{F0483BEB-E626-E306-DFBD-D3A1E582BF43}" = CCC Help
French "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2431B40-5D69-BBB8-F20B-4F28D8ED563E}" = CCC Help Thai "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F4AECBDF-6985-E352-7392-152A0570573E}" = CCC Help Greek "{F5A6CC63-2BED-914D-04E5-1702471E675D}" = ccc-core-static "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin "{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "BILDmobil" = BILDmobil "Bridge Construction Set_is1" = Bridge Construction Set 1.3.9.1 "CloneCD" = CloneCD "Das Quiz mit Jörg Pilawa Special" = Das Quiz mit Jörg Pilawa Special "Die Wiege Roms" = Die Wiege Roms "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "ELECOM E-Force Laser Gaming Mouse14101" = ELECOM E-Force Laser Gaming Mouse "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "Game Booster_is1" = Game Booster 3 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup 
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12 "king.com" = king.com (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyFreeCodec" = MyFreeCodec "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "PokerStars" = PokerStars "QLDT" = Quake Live Demo Tools "QLPrism" = QLPrism "SopCast" = SopCast 3.5.0 "Star Sword_is1" = Star Sword "Veetle TV" = Veetle TV "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.09.2012 22:59:16 | Computer Name = Liebert | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VLC 64bit.exe, Version: 2.0.2.0, Zeitstempel: 0x4fec5841 Name des fehlerhaften Moduls: libpostproc_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x4fec5857 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000002c61 ID des fehlerhaften Prozesses: 0x9cc Startzeit der fehlerhaften Anwendung: 0x01cd8ca3acc74c21 Pfad der fehlerhaften Anwendung: C:\Users\OLI\Downloads\vlc-2.0.2\VLC 
64bit.exe Pfad des fehlerhaften Moduls: C:\Users\OLI\Downloads\vlc-2.0.2\plugins\video_filter\libpostproc_plugin.dll Berichtskennung: 0215a03c-f898-11e1-9d2e-88ae1dfea539 Error - 09.09.2012 17:05:04 | Computer Name = Liebert | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 17.09.2012 06:25:20 | Computer Name = Liebert | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 24.09.2012 16:41:27 | Computer Name = Liebert | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: XMedia Recode.exe, Version: 3.1.2.5, Zeitstempel: 0x504e33a6 Name des fehlerhaften Moduls: XMedia Recode.exe, Version: 3.1.2.5, Zeitstempel: 0x504e33a6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000370a ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0x01cd9a92c6cf8b6f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe Berichtskennung: 361efa99-0688-11e2-a974-88ae1dfea539 Error - 28.09.2012 21:20:54 | Computer Name = Liebert | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Plugin Container for Firefox" konnte nicht heruntergefahren werden. Error - 28.09.2012 22:46:15 | Computer Name = Liebert | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren werden. Error - 01.10.2012 05:08:23 | Computer Name = Liebert | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 07.10.2012 13:57:30 | Computer Name = Liebert | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 14.10.2012 14:34:45 | Computer Name = Liebert | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.1.4666, Zeitstempel: 0x5076192e Name des fehlerhaften Moduls: xul.dll, Version: 16.0.1.4666, Zeitstempel: 0x50761893 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000be717 ID des fehlerhaften Prozesses: 0xe34 Startzeit der fehlerhaften Anwendung: 0x01cdaa33f8523935 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: d2f6b52e-162d-11e2-b57b-88ae1dfea539 Error - 14.10.2012 15:16:32 | Computer Name = Liebert | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". 
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 15.02.2011 02:57:44 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 07:57:44 - Fehler beim Herstellen der Internetverbindung. 07:57:44 - Serververbindung konnte nicht hergestellt werden.. Error - 15.02.2011 02:57:57 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 07:57:49 - Fehler beim Herstellen der Internetverbindung. 07:57:49 - Serververbindung konnte nicht hergestellt werden.. Error - 16.02.2011 16:45:15 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 21:45:15 - Fehler beim Herstellen der Internetverbindung. 21:45:15 - Serververbindung konnte nicht hergestellt werden.. Error - 16.02.2011 16:45:26 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 21:45:21 - Fehler beim Herstellen der Internetverbindung. 21:45:21 - Serververbindung konnte nicht hergestellt werden.. Error - 16.02.2011 17:45:31 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 22:45:31 - Fehler beim Herstellen der Internetverbindung. 22:45:31 - Serververbindung konnte nicht hergestellt werden.. Error - 16.02.2011 17:45:37 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 22:45:36 - Fehler beim Herstellen der Internetverbindung. 22:45:36 - Serververbindung konnte nicht hergestellt werden.. Error - 17.03.2011 15:05:40 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 20:05:40 - Fehler beim Herstellen der Internetverbindung. 20:05:40 - Serververbindung konnte nicht hergestellt werden.. Error - 17.03.2011 15:05:51 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 20:05:45 - Fehler beim Herstellen der Internetverbindung. 20:05:45 - Serververbindung konnte nicht hergestellt werden.. Error - 27.06.2011 14:01:58 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 20:01:58 - Fehler beim Herstellen der Internetverbindung. 
20:01:58 - Serververbindung konnte nicht hergestellt werden.. Error - 27.06.2011 14:02:08 | Computer Name = Liebert | Source = MCUpdate | ID = 0 Description = 20:02:03 - Fehler beim Herstellen der Internetverbindung. 20:02:03 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 03.05.2013 07:09:59 | Computer Name = Liebert | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?05.?2013 um 13:08:53 unerwartet heruntergefahren. Error - 03.05.2013 07:10:45 | Computer Name = Liebert | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 03.05.2013 07:10:45 | Computer Name = Liebert | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 03.05.2013 07:55:53 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht. Error - 03.05.2013 07:55:53 | Computer Name = Liebert | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 04.05.2013 00:30:59 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht. Error - 04.05.2013 05:55:17 | Computer Name = Liebert | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet. 
Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = DCOM | ID = 10005 Description = Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft-Softwareschattenkopie-Anbieter erreicht. Error - 04.05.2013 06:28:07 | Computer Name = Liebert | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-04 14:41:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 TOSHIBA_ rev.GH10 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\OLI\AppData\Local\Temp\ufddapog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fee000 63 bytes [00, EC, F6, 02, 80, FA, FF, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff80002fee042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fb1465 2 bytes [FB, 74] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fb14bb 2 bytes [FB, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1040:1176] 000007fefb6a8274 Thread C:\Windows\system32\svchost.exe [1040:3788] 000007fefb6a8274 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2724] 000000007175102d Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2732] 000000007145f1dc Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2740] 000000007145f1dc Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:2744] 00000000714555d3 Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2512:3044] 00000000716fc159 Thread C:\Windows\system32\taskhost.exe [3768:4004] 000007fef4a12740 Thread C:\Windows\system32\taskhost.exe [3768:4052] 000007fef49f1f38 Thread C:\Windows\system32\taskhost.exe [3768:3852] 000007fefb991010 ---- EOF - GMER 2.1 ---- |
04.05.2013, 15:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop only boots slowly now or is very slow during use Hello and
__________________Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything? That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now just post the logs that already exist! Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
04.05.2013, 15:54 | #3 |
| My laptop only boots slowly now or is very slow during use Hello.
__________________Thanks for the quick response. Here are some more detections from my previous Kaspersky CBE 2011, which I did not post because I did not want to post too much all mixed together and wanted to solve the more acute problem first. Code:
ATTFilter All Users:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT Gefunden: HiddenObject.Multi.Generic 30.04.2012 21:23:26 c:\Documents and Settings\ Protokolliert Untersuchung des Computers All Users:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT Nicht desinfizierte Objekte: HiddenObject.Multi.Generic 30.04.2012 21:23:26 c:\Documents and Settings\ Zurückgestellt Untersuchung des Computers ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT Gefunden: HiddenObject.Multi.Generic 30.04.2012 21:23:24 c:\ Protokolliert Untersuchung des Computers ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT Nicht desinfizierte Objekte: HiddenObject.Multi.Generic 30.04.2012 21:23:24 c:\ Zurückgestellt Untersuchung des Computers |
04.05.2013, 15:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop only boots slowly now or is very slow during use Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When does it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.
Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
04.05.2013, 16:05 | #5 | |
| My laptop only boots slowly now or is very slow during use Quote:
|
04.05.2013, 16:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop only boots slowly now or is very slow during use Yes, please post all logs
__________________ |
04.05.2013, 17:07 | #7 |
| My laptop only boots slowly now or is very slow during use Should I run the quick scan with aswMBR or scan C:? There is also a selection box that was not in the instructions, and the instructions only say to press/start the "Scan" button after the virus database update. So I assume from that that I should leave all checkmarks/settings as they are and start the scan. And they happen to be set to "Quick Scan". And with tdsskiller it is contradictory that you are not supposed to delete the detections yourself after the scan, but at the next step in the instructions, "Restart the computer", there is a graphic that says "Infection: will be cured after reboot". That is why I have not yet dared to start tdsskiller. Edited by O.L.I. (04.05.2013 at 17:16) |
04.05.2013, 22:10 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop only boots slowly now or is very slow during use A quick scan with aswMBR is enough, and for tdsskiller it explicitly says that you should not remove anything!
__________________ Please always post log files in CODE tags |
05.05.2013, 01:01 | #9 |
| My laptop only boots slowly now or is very slow during use Sorry. If I had read your paragraph to the end before clicking the link to the instructions, I would have understood it right away. Sorry. It won't happen again. Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.03.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 OLI :: LIEBERT [Administrator] 03.05.2013 11:56:58 mbam-log-2013-05-03 (11-56-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 371500 Laufzeit: 53 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-04 17:35:29 ----------------------------- 17:35:29.668 OS Version: Windows x64 6.1.7601 Service Pack 1 17:35:29.668 Number of processors: 2 586 0x603 17:35:29.668 ComputerName: LIEBERT UserName: OLI 17:35:30.167 Initialize success 17:37:05.874 AVAST engine defs: 13050400 17:38:42.704 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060 17:38:42.719 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11 17:38:42.829 Disk 0 MBR read successfully 17:38:42.844 Disk 0 MBR scan 17:38:42.844 Disk 0 Windows 7 default MBR code 17:38:42.860 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048 17:38:42.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152622 MB offset 821248 17:38:42.907 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 152222 MB offset 313391104 17:38:43.047 Disk 0 scanning C:\Windows\system32\drivers 17:38:55.184 Service scanning 17:39:39.847 Modules scanning 17:39:39.847 Disk 0 trace - called modules: 17:39:39.878 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 17:39:39.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800329e490] 17:39:39.893 3 CLASSPNP.SYS[fffff8800209643f] -> nt!IofCallDriver -> [0xfffffa80021db040] 17:39:39.893 5 amdxata.sys[fffff88000c647a8] -> nt!IofCallDriver -> \Device\00000060[0xfffffa80030ee5e0] 17:39:40.408 AVAST engine scan C:\Windows 17:39:42.545 AVAST engine scan C:\Windows\system32 17:43:07.483 AVAST engine scan C:\Windows\system32\drivers 17:43:21.585 AVAST engine scan C:\Users\OLI 17:47:50.015 AVAST engine scan C:\ProgramData 17:51:05.468 Scan finished successfully 17:51:22.191 Disk 0 MBR has been saved successfully to "C:\Users\OLI\Desktop\MBR.dat" 17:51:22.191 The log file has been saved successfully to "C:\Users\OLI\Desktop\aswMBR.txt" mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.04.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 OLI :: LIEBERT [administrator] 04.05.2013 17:27:25 mbar-log-2013-05-04 (17-27-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29176 Time elapsed: 13 minute(s), 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) tdsskiller Code:
ATTFilter 01:51:00.0440 2196 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 01:51:00.0799 2196 ============================================================ 01:51:00.0799 2196 Current date / time: 2013/05/05 01:51:00.0799 01:51:00.0799 2196 SystemInfo: 01:51:00.0799 2196 01:51:00.0799 2196 OS Version: 6.1.7601 ServicePack: 1.0 01:51:00.0799 2196 Product type: Workstation 01:51:00.0799 2196 ComputerName: LIEBERT 01:51:00.0799 2196 UserName: OLI 01:51:00.0799 2196 Windows directory: C:\Windows 01:51:00.0799 2196 System windows directory: C:\Windows 01:51:00.0799 2196 Running under WOW64 01:51:00.0799 2196 Processor architecture: Intel x64 01:51:00.0799 2196 Number of processors: 2 01:51:00.0799 2196 Page size: 0x1000 01:51:00.0799 2196 Boot type: Normal boot 01:51:00.0799 2196 ============================================================ 01:51:02.0156 2196 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 01:51:02.0172 2196 ============================================================ 01:51:02.0172 2196 \Device\Harddisk0\DR0: 01:51:02.0172 2196 MBR partitions: 01:51:02.0172 2196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000 01:51:02.0172 2196 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000 01:51:02.0172 2196 ============================================================ 01:51:02.0203 2196 C: <-> \Device\Harddisk0\DR0\Partition1 01:51:02.0234 2196 D: <-> \Device\Harddisk0\DR0\Partition2 01:51:02.0234 2196 ============================================================ 01:51:02.0234 2196 Initialize success 01:51:02.0234 2196 ============================================================ 01:51:14.0808 2612 ============================================================ 01:51:14.0808 2612 Scan started 01:51:14.0808 2612 Mode: Manual; SigCheck; TDLFS; 01:51:14.0808 
01:51:16.0758 2612 ================ Scan system memory ========================
01:51:16.0758 2612 System memory - ok
01:51:16.0758 2612 ================ Scan services =============================
01:51:27.0771 2612 [ 4DE2EE2A5186D74BABC4E7F60D2AE989 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
01:51:27.0818 2612 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
01:51:27.0818 2612 IconMan_R - detected UnsignedFile.Multi.Generic (1)
01:51:37.0771 2612 [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce
C:\Windows\system32\DRIVERS\rtl8192Ce.sys 01:51:37.0802 2612 RTL8192Ce - ok 01:51:37.0818 2612 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 01:51:37.0833 2612 SamSs - ok 01:51:37.0864 2612 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 01:51:37.0880 2612 sbp2port - ok 01:51:37.0911 2612 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 01:51:37.0974 2612 SCardSvr - ok 01:51:37.0989 2612 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 01:51:38.0036 2612 scfilter - ok 01:51:38.0083 2612 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 01:51:38.0145 2612 Schedule - ok 01:51:38.0176 2612 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 01:51:38.0223 2612 SCPolicySvc - ok 01:51:38.0239 2612 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 01:51:38.0301 2612 SDRSVC - ok 01:51:38.0317 2612 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 01:51:38.0364 2612 secdrv - ok 01:51:38.0410 2612 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 01:51:38.0442 2612 seclogon - ok 01:51:38.0473 2612 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 01:51:38.0520 2612 SENS - ok 01:51:38.0535 2612 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 01:51:38.0551 2612 SensrSvc - ok 01:51:38.0566 2612 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 01:51:38.0598 2612 Serenum - ok 01:51:38.0629 2612 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 01:51:38.0660 2612 Serial - ok 01:51:38.0676 2612 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 01:51:38.0707 2612 sermouse - ok 01:51:38.0769 2612 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer 
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 01:51:38.0785 2612 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 01:51:38.0785 2612 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 01:51:38.0832 2612 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 01:51:38.0878 2612 SessionEnv - ok 01:51:38.0910 2612 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 01:51:38.0941 2612 sffdisk - ok 01:51:38.0956 2612 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 01:51:38.0988 2612 sffp_mmc - ok 01:51:39.0003 2612 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 01:51:39.0019 2612 sffp_sd - ok 01:51:39.0050 2612 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 01:51:39.0066 2612 sfloppy - ok 01:51:39.0097 2612 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 01:51:39.0128 2612 Sftfs - ok 01:51:39.0190 2612 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 01:51:39.0206 2612 sftlist - ok 01:51:39.0237 2612 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 01:51:39.0253 2612 Sftplay - ok 01:51:39.0284 2612 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 01:51:39.0284 2612 Sftredir - ok 01:51:39.0300 2612 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 01:51:39.0315 2612 Sftvol - ok 01:51:39.0315 2612 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 01:51:39.0331 2612 sftvsa - ok 01:51:39.0393 2612 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 01:51:39.0456 2612 SharedAccess - ok 01:51:39.0487 2612 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 01:51:39.0534 2612 ShellHWDetection - ok 01:51:39.0565 2612 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 01:51:39.0580 2612 SiSRaid2 - ok 01:51:39.0596 2612 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 01:51:39.0612 2612 SiSRaid4 - ok 01:51:39.0690 2612 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 01:51:39.0705 2612 SkypeUpdate - ok 01:51:39.0736 2612 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 01:51:39.0783 2612 Smb - ok 01:51:39.0814 2612 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 01:51:39.0830 2612 SNMPTRAP - ok 01:51:39.0861 2612 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 01:51:39.0861 2612 spldr - ok 01:51:39.0924 2612 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 01:51:39.0955 2612 Spooler - ok 01:51:40.0048 2612 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 01:51:40.0158 2612 sppsvc - ok 01:51:40.0189 2612 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 01:51:40.0251 2612 sppuinotify - ok 01:51:40.0282 2612 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 01:51:40.0329 2612 srv - ok 01:51:40.0345 2612 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 01:51:40.0376 2612 srv2 - ok 01:51:40.0407 2612 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 01:51:40.0438 2612 srvnet - ok 01:51:40.0470 2612 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 01:51:40.0532 2612 SSDPSRV - ok 01:51:40.0548 2612 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 01:51:40.0610 2612 SstpSvc - ok 01:51:40.0641 2612 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus 
C:\Windows\system32\DRIVERS\ss_bbus.sys 01:51:40.0641 2612 ss_bbus - ok 01:51:40.0672 2612 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 01:51:40.0688 2612 ss_bmdfl - ok 01:51:40.0719 2612 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 01:51:40.0735 2612 ss_bmdm - ok 01:51:40.0750 2612 [ 677CDC98F8363ACCAAE783FDE1599C2A ] ss_bserd C:\Windows\system32\DRIVERS\ss_bserd.sys 01:51:40.0782 2612 ss_bserd - ok 01:51:40.0813 2612 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 01:51:40.0828 2612 stexstor - ok 01:51:40.0860 2612 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 01:51:40.0906 2612 stisvc - ok 01:51:40.0953 2612 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 01:51:40.0969 2612 swenum - ok 01:51:41.0000 2612 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 01:51:41.0047 2612 swprv - ok 01:51:41.0094 2612 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 01:51:41.0109 2612 SynTP - ok 01:51:41.0172 2612 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 01:51:41.0234 2612 SysMain - ok 01:51:41.0281 2612 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 01:51:41.0312 2612 TabletInputService - ok 01:51:41.0343 2612 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 01:51:41.0406 2612 TapiSrv - ok 01:51:41.0437 2612 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 01:51:41.0484 2612 TBS - ok 01:51:41.0546 2612 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 01:51:41.0608 2612 Tcpip - ok 01:51:41.0640 2612 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 01:51:41.0686 2612 TCPIP6 - ok 01:51:41.0733 2612 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg 
C:\Windows\system32\drivers\tcpipreg.sys 01:51:41.0749 2612 tcpipreg - ok 01:51:41.0780 2612 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys 01:51:41.0780 2612 tdcmdpst - ok 01:51:41.0811 2612 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 01:51:41.0858 2612 TDPIPE - ok 01:51:41.0889 2612 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 01:51:41.0920 2612 TDTCP - ok 01:51:41.0952 2612 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 01:51:42.0014 2612 tdx - ok 01:51:42.0045 2612 [ 40E154B3125E17CE6F2AFAD57AFCFEB2 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 01:51:42.0061 2612 TemproMonitoringService - ok 01:51:42.0108 2612 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 01:51:42.0108 2612 TermDD - ok 01:51:42.0154 2612 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 01:51:42.0201 2612 TermService - ok 01:51:42.0232 2612 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 01:51:42.0248 2612 TFsExDisk - ok 01:51:42.0264 2612 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 01:51:42.0295 2612 Themes - ok 01:51:42.0310 2612 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 01:51:42.0357 2612 THREADORDER - ok 01:51:42.0420 2612 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 01:51:42.0435 2612 TMachInfo - ok 01:51:42.0451 2612 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe 01:51:42.0466 2612 TODDSrv - ok 01:51:42.0544 2612 [ 15CA4B185EA8AEF71DD86181E6E0157E ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 01:51:42.0560 2612 TosCoSrv - ok 01:51:42.0607 2612 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program 
Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 01:51:42.0622 2612 TOSHIBA HDD SSD Alert Service - ok 01:51:42.0654 2612 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 01:51:42.0700 2612 TrkWks - ok 01:51:42.0763 2612 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 01:51:42.0810 2612 TrustedInstaller - ok 01:51:42.0856 2612 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 01:51:42.0888 2612 tssecsrv - ok 01:51:42.0919 2612 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 01:51:42.0966 2612 TsUsbFlt - ok 01:51:42.0997 2612 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 01:51:43.0044 2612 tunnel - ok 01:51:43.0075 2612 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 01:51:43.0090 2612 TVALZ - ok 01:51:43.0106 2612 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 01:51:43.0122 2612 uagp35 - ok 01:51:43.0168 2612 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 01:51:43.0215 2612 udfs - ok 01:51:43.0246 2612 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 01:51:43.0262 2612 UI0Detect - ok 01:51:43.0309 2612 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 01:51:43.0324 2612 uliagpkx - ok 01:51:43.0324 2612 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 01:51:43.0356 2612 umbus - ok 01:51:43.0387 2612 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 01:51:43.0418 2612 UmPass - ok 01:51:43.0465 2612 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 01:51:43.0527 2612 upnphost - ok 01:51:43.0543 2612 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 01:51:43.0590 2612 usbccgp - ok 
01:51:43.0621 2612 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 01:51:43.0652 2612 usbcir - ok 01:51:43.0683 2612 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 01:51:43.0714 2612 usbehci - ok 01:51:43.0761 2612 [ 727F61CA058B3F30BE3EBE7B6FC81CB2 ] usbglcs1080101 C:\Windows\system32\DRIVERS\usbglcs1080101.sys 01:51:43.0824 2612 usbglcs1080101 - ok 01:51:43.0980 2612 [ 61EC488364DF6FD10C1A31C70043AB8A ] usbglcsservice C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe 01:51:44.0182 2612 usbglcsservice ( UnsignedFile.Multi.Generic ) - warning 01:51:44.0182 2612 usbglcsservice - detected UnsignedFile.Multi.Generic (1) 01:51:44.0229 2612 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 01:51:44.0260 2612 usbhub - ok 01:51:44.0292 2612 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 01:51:44.0307 2612 usbohci - ok 01:51:44.0338 2612 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 01:51:44.0370 2612 usbprint - ok 01:51:44.0401 2612 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 01:51:44.0463 2612 USBSTOR - ok 01:51:44.0479 2612 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 01:51:44.0510 2612 usbuhci - ok 01:51:44.0541 2612 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 01:51:44.0572 2612 usbvideo - ok 01:51:44.0588 2612 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 01:51:44.0650 2612 UxSms - ok 01:51:44.0666 2612 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 01:51:44.0682 2612 VaultSvc - ok 01:51:44.0713 2612 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 01:51:44.0728 2612 vdrvroot - ok 01:51:44.0775 2612 [ 8D6B481601D01A456E75C3210F1830BE ] vds 
C:\Windows\System32\vds.exe 01:51:44.0822 2612 vds - ok 01:51:44.0853 2612 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 01:51:44.0869 2612 vga - ok 01:51:44.0884 2612 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 01:51:44.0916 2612 VgaSave - ok 01:51:44.0962 2612 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 01:51:44.0978 2612 vhdmp - ok 01:51:44.0994 2612 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 01:51:45.0009 2612 viaide - ok 01:51:45.0009 2612 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 01:51:45.0025 2612 volmgr - ok 01:51:45.0072 2612 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 01:51:45.0087 2612 volmgrx - ok 01:51:45.0134 2612 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 01:51:45.0150 2612 volsnap - ok 01:51:45.0181 2612 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 01:51:45.0196 2612 vsmraid - ok 01:51:45.0243 2612 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 01:51:45.0321 2612 VSS - ok 01:51:45.0337 2612 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 01:51:45.0368 2612 vwifibus - ok 01:51:45.0399 2612 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 01:51:45.0430 2612 vwififlt - ok 01:51:45.0446 2612 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 01:51:45.0477 2612 vwifimp - ok 01:51:45.0524 2612 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 01:51:45.0586 2612 W32Time - ok 01:51:45.0602 2612 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 01:51:45.0633 2612 WacomPen - ok 01:51:45.0664 2612 [ 356AFD78A6ED4457169241AC3965230C ] WANARP 
C:\Windows\system32\DRIVERS\wanarp.sys 01:51:45.0696 2612 WANARP - ok 01:51:45.0696 2612 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:51:45.0742 2612 Wanarpv6 - ok 01:51:45.0789 2612 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 01:51:45.0883 2612 wbengine - ok 01:51:45.0914 2612 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 01:51:45.0945 2612 WbioSrvc - ok 01:51:45.0976 2612 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:51:46.0023 2612 wcncsvc - ok 01:51:46.0039 2612 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:51:46.0101 2612 WcsPlugInService - ok 01:51:46.0117 2612 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 01:51:46.0132 2612 Wd - ok 01:51:46.0179 2612 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 01:51:46.0210 2612 Wdf01000 - ok 01:51:46.0242 2612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 01:51:46.0304 2612 WdiServiceHost - ok 01:51:46.0320 2612 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 01:51:46.0335 2612 WdiSystemHost - ok 01:51:46.0382 2612 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 01:51:46.0413 2612 WebClient - ok 01:51:46.0444 2612 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 01:51:46.0507 2612 Wecsvc - ok 01:51:46.0522 2612 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 01:51:46.0569 2612 wercplsupport - ok 01:51:46.0585 2612 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 01:51:46.0632 2612 WerSvc - ok 01:51:46.0647 2612 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 01:51:46.0694 2612 WfpLwf - ok 01:51:46.0710 2612 [ 
05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 01:51:46.0725 2612 WIMMount - ok 01:51:46.0725 2612 WinDefend - ok 01:51:46.0741 2612 WinHttpAutoProxySvc - ok 01:51:46.0788 2612 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:51:46.0834 2612 Winmgmt - ok 01:51:46.0959 2612 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys 01:51:46.0975 2612 WinRing0_1_2_0 - ok 01:51:47.0037 2612 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 01:51:47.0100 2612 WinRM - ok 01:51:47.0146 2612 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 01:51:47.0162 2612 WinUsb - ok 01:51:47.0209 2612 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 01:51:47.0240 2612 Wlansvc - ok 01:51:47.0334 2612 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 01:51:47.0396 2612 wlidsvc - ok 01:51:47.0427 2612 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 01:51:47.0443 2612 WmiAcpi - ok 01:51:47.0490 2612 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:51:47.0536 2612 wmiApSrv - ok 01:51:47.0552 2612 WMPNetworkSvc - ok 01:51:47.0583 2612 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:51:47.0630 2612 WPCSvc - ok 01:51:47.0661 2612 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:51:47.0692 2612 WPDBusEnum - ok 01:51:47.0724 2612 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 01:51:47.0770 2612 ws2ifsl - ok 01:51:47.0802 2612 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 01:51:47.0833 2612 wscsvc - ok 01:51:47.0833 2612 WSearch - ok 01:51:47.0911 2612 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv 
C:\Windows\system32\wuaueng.dll 01:51:47.0973 2612 wuauserv - ok 01:51:48.0004 2612 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 01:51:48.0020 2612 WudfPf - ok 01:51:48.0051 2612 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:51:48.0082 2612 WUDFRd - ok 01:51:48.0129 2612 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:51:48.0145 2612 wudfsvc - ok 01:51:48.0176 2612 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 01:51:48.0223 2612 WwanSvc - ok 01:51:48.0238 2612 ================ Scan global =============================== 01:51:48.0285 2612 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 01:51:48.0332 2612 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:51:48.0332 2612 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 01:51:48.0363 2612 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 01:51:48.0394 2612 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 01:51:48.0394 2612 [Global] - ok 01:51:48.0394 2612 ================ Scan MBR ================================== 01:51:48.0410 2612 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 01:51:49.0440 2612 \Device\Harddisk0\DR0 - ok 01:51:49.0440 2612 ================ Scan VBR ================================== 01:51:49.0471 2612 [ CDF68E27F745C65A9EE03530A56985AF ] \Device\Harddisk0\DR0\Partition1 01:51:49.0486 2612 \Device\Harddisk0\DR0\Partition1 - ok 01:51:49.0502 2612 [ EFAF6797D53B4BA28FF9B8D31918746F ] \Device\Harddisk0\DR0\Partition2 01:51:49.0518 2612 \Device\Harddisk0\DR0\Partition2 - ok 01:51:49.0518 2612 ============================================================ 01:51:49.0518 2612 Scan finished 01:51:49.0518 2612 ============================================================ 01:51:49.0518 3176 Detected object count: 3 01:51:49.0518 3176 Actual detected object count: 
3 01:52:15.0975 3176 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user 01:52:15.0975 3176 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:52:15.0991 3176 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 01:52:15.0991 3176 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:52:15.0991 3176 usbglcsservice ( UnsignedFile.Multi.Generic ) - skipped by user 01:52:15.0991 3176 usbglcsservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:56:36.0665 2332 Deinitialize success |
05.05.2013, 01:06 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop now boots up only slowly and is very slow during use Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
05.05.2013, 01:56 | #11 |
| My laptop now boots up only slowly and is very slow during use Here are the requested log files from ComboFix: Code:
ATTFilter ComboFix 13-05-04.01 - OLI 05.05.2013 2:14.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2812.1587 [GMT 2:00] ausgeführt von:: c:\users\OLI\Desktop\ComboFix.exe AV: Kaspersky Security Suite CBE *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Security Suite CBE *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Security Suite CBE *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat . Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-05 bis 2013-05-05 )))))))))))))))))))))))))))))) . . 2013-05-05 00:21 . 2013-05-05 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-30 09:34 . 2013-05-04 10:24 -------- d-----w- c:\users\OLI\AppData\Roaming\dvdcss 2013-04-23 18:34 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-21 19:43 . 2013-04-21 19:43 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-21 19:42 . 2013-04-21 19:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-21 19:42 . 2013-04-21 19:42 -------- d-----w- c:\program files (x86)\Java 2013-04-10 18:14 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 18:14 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 18:14 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 18:14 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 18:14 . 
2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 18:14 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 18:14 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 18:14 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-09 05:00 . 2013-04-09 05:00 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-21 19:42 . 2012-06-16 13:22 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-21 19:42 . 2010-08-31 16:29 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-11 22:08 . 2012-09-14 23:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-11 22:08 . 2012-09-14 23:03 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-10 23:44 . 2011-01-17 14:56 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-04 12:50 . 2012-10-14 20:33 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-14 16:18 . 2013-03-14 16:18 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-02-15 02:42 . 2013-02-15 02:42 256947 ----a-w- c:\windows\QLPrism Uninstaller.exe 2013-02-12 05:45 . 2013-03-14 14:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 14:40 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 14:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 14:40 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 14:40 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 14:40 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-14 14:44 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe" [2012-07-31 428928] "XBGameingMouse"="c:\program files (x86)\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe" [2010-12-24 2450432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736] "AVP"="c:\program files (x86)\Kaspersky Security Suite CBE 12\avp.exe" [2012-04-10 202296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 20568] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 132608] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792] R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [2009-06-10 24576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280] R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 128000] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-12-22 16448] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 usbglcs1080101;Usb Human Interface Device;c:\windows\system32\DRIVERS\usbglcs1080101.sys [2010-12-24 24064] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files 
(x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544] R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792] R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-27 203264] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368] S2 usbglcsservice;USBGLCS Service;c:\program files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe [2010-12-24 5865289] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2010-11-10 20592] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 
RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 22:08] . 2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 19:34] . 2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 19:34] . 2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000Core.job - c:\users\OLI\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 18:15] . 2013-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000UA.job - c:\users\OLI\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-25 18:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12558440] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-19 2226280] . 
------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\OLI\AppData\Roaming\Mozilla\Firefox\Profiles\eimny3to.default\ FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q= FF - prefs.js: network.proxy.ftp - 77.48.30.205 FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.http - 77.48.30.205 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - 77.48.30.205 FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - 77.48.30.205 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3806870365-364280537-3892568835-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:fb,4e,be,b7,1b,d5,25,38,4f,3e,63,c7,51,d5,c3,de,0c,65,78,e5,b7, 1a,66,46,35,fd,b0,ee,7f,aa,b8,49,08,31,06,70,fd,fe,19,cb,10,66,ec,2f,dd,85,\ "rkeysecu"=hex:cc,83,a6,17,2a,eb,29,9c,b1,55,31,f7,88,5c,b9,c7 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-05 02:42:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-05 00:42 . Vor Suchlauf: 7 Verzeichnis(se), 101.484.670.976 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 101.501.534.208 Bytes frei . - - End Of File - - 246FC0F9FA3007878B64C2D758D39249 |
06.05.2013, 04:18 | #12 |
| Morning. I actually wanted to edit my last post, but I couldn't find where/how to do that and unfortunately had to write a new post. First of all: the laptop hasn't booted this fast in a long time, but afterwards the old problem was there again until Kaspersky reported "No longer functional". Unfortunately I had to uninstall and reinstall my antivirus program. Somehow it was no longer functional. But now comes the kicker. After the fresh installation everything is WONDERFUL! I will now wait for your next instruction and of course do nothing else, as agreed. I'm trying not to get my hopes up too soon. |
06.05.2013, 08:33 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL, please:
__________________ Please always post log files in CODE tags |
06.05.2013, 09:37 | #14 |
| Good thing I got my hopes up too soon. It boots quickly and almost all programs also start wonderfully fast until Kaspersky is started, then everything becomes slow. I suspect that Kaspersky is the cause. Here are the log files: JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by OLI on 06.05.2013 at 9:46:33,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E2F0DA26-C1F5-4FBA-B83B-2C34E13F53E9}

~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho14B9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1EFE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho39F6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3E5E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3FC0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6E32.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8186.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho941E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9743.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9E49.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD52.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC02.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC315.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDC8D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE957.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF71.tmp

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\OLI\appdata\local\ilivid player"

~~~ FireFox
Successfully deleted: [File] C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\user.js
Successfully deleted: [File] C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\startsear.xml
Successfully deleted: [Folder] C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\jetpack
Successfully deleted the following from C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\prefs.js
user_pref("browser.search.order.1", "Web Search");
user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&src=sp&cf=6f7df46e-1856-11e1-863c-88ae1dfea539&q=");
Emptied folder: C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\minidumps [134 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2013 at 9:51:51,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner: Code:
# AdwCleaner v2.300 - Datei am 06/05/2013 um 09:57:35 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : OLI - LIEBERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\OLI\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\OLI\AppData\Roaming\Mozilla\Firefox\Profiles\eimny3to.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\OLI\AppData\Roaming\Mozilla\Firefox\Profiles\eimny3to.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2749 octets] - [06/05/2013 09:56:57]
AdwCleaner[S1].txt - [2684 octets] - [06/05/2013 09:57:35]

########## EOF - C:\AdwCleaner[S1].txt - [2744 octets] ##########
OTL: Code:
OTL logfile created on: 06.05.2013 10:15:58 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OLI\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 67,59% Memory free
5,49 Gb Paging File | 4,27 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 94,06 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS

Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\OLI\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe ()
PRC - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (usbglcsservice) -- C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\UsbglcsSrv.exe () SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) 
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (usbglcs1080101) -- C:\Windows\SysNative\drivers\usbglcs1080101.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) 
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) 
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (KMWDFILTERV1) -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{68840E18-4E84-4C21-8147-D29F61851A09}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{F54EFC98-7B8A-4AA3-A8DD-78E80E85DB36}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?ocid=ie9hphttp [Binary data over 200 bytes] IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes\{14509999-C769-43BA-A81E-CDCAC7E330C1}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - 
HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes\{32A8E952-D9B3-4AD0-8DBC-04B748D79EE7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\..\SearchScopes\{679FE04A-A103-48FC-AA4D-F152BBE669F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.5 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.ftp: "77.48.30.205" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "77.48.30.205" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "77.48.30.205" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "77.48.30.205" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program 
Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OLI\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OLI\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OLI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2013.05.06 04:27:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2013.05.06 04:27:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2013.05.06 04:27:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:51:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 22:51:37 | 000,000,000 | ---D | M] [2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions [2012.08.27 09:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2013.04.24 03:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions [2011.12.30 20:52:15 | 
000,000,000 | ---D | M] (gTranslator) -- C:\Users\OLI\AppData\Roaming\mozilla\Firefox\Profiles\eimny3to.default\extensions\jyboy.yy@gmail.com [2012.05.19 17:12:23 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\check-compatibility@dactyl.googlecode.com.xpi [2013.04.21 22:41:55 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\compatibility@addons.mozilla.org.xpi [2013.04.04 03:45:22 | 000,281,174 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\download_mp3@dilandau.eu.xpi [2013.01.27 00:18:55 | 000,194,374 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\plugin@filsh.net.xpi [2013.02.11 03:25:56 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\stealthyextension@gmail.com.xpi [2013.04.24 03:31:14 | 000,223,761 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2013.02.14 16:44:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.13 06:59:54 | 000,001,743 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\music-downloader.xml [2011.09.13 07:03:37 | 000,001,912 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\videosurf.xml [2011.09.13 07:01:12 | 000,004,140 | ---- | M] () -- C:\Users\OLI\AppData\Roaming\mozilla\firefox\profiles\eimny3to.default\searchplugins\youtube.xml [2013.05.06 04:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files 
(x86)\Mozilla Firefox\extensions [2013.05.06 04:07:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013.05.06 04:07:49 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013.04.11 22:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2013.04.11 22:51:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.11 22:51:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.12 10:54:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.12 10:54:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.12 10:54:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.12 10:54:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.12 10:54:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.12 10:54:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.05 02:36:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe 
(TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 5\suo10_smartram.exe (IObit) O4 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000..\Run: [XBGameingMouse] C:\Program Files (x86)\ELECOM E-Force Laser Gaming Mouse\GameMouseMonitor.exe () O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - 
HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} 
hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC774E8-9E9A-41F7-AF63-81DCAA31AC0C}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80F761BC-69FB-48E7-A0C8-5E72CEA4C0A3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E29FADF-7A39-4411-BC48-A23AC19D53D9}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A37F83FD-0ECF-4EA3-8D73-87835C07ACD8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.06 09:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.06 09:45:59 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.06 09:40:38 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\OLI\Desktop\JRT.exe [2013.05.06 04:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Suite CBE 12 [2013.05.06 04:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12 [2013.05.06 04:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.05.06 04:06:42 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.05.05 02:42:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.05 02:36:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.05 02:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.05 02:13:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.05 02:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.05 02:12:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.05 02:12:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.05 02:10:29 | 005,065,726 | R--- | C] (Swearware) -- 
C:\Users\OLI\Desktop\ComboFix.exe [2013.05.04 17:54:27 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\OLI\Desktop\tdsskiller.exe [2013.05.04 17:30:07 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\OLI\Desktop\aswMBR.exe [2013.05.04 13:02:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OLI\Desktop\OTL.exe [2013.04.30 11:34:10 | 000,000,000 | ---D | C] -- C:\Users\OLI\AppData\Roaming\dvdcss [2013.04.21 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.21 21:42:36 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.21 21:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.21 21:42:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.21 21:42:22 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.21 21:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.11 22:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.11 01:43:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.11 01:43:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.11 01:43:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.11 01:43:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.11 01:43:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.11 01:43:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.11 01:43:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.11 01:43:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.11 01:43:09 | 000,173,056 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.11 01:43:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.11 01:43:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 01:43:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.11 01:43:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 01:43:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 01:43:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.10 20:14:40 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 20:14:39 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 20:14:39 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 20:14:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 20:14:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 20:14:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.09 07:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.06 10:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.06 10:09:59 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 10:09:59 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 10:00:03 | 000,001,112 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000UA.job [2013.05.06 09:59:56 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.06 09:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.06 09:59:05 | 2211,205,120 | -HS- | M] () -- C:\hiberfil.sys [2013.05.06 09:54:40 | 000,628,743 | ---- | M] () -- C:\Users\OLI\Desktop\adwcleaner.exe [2013.05.06 09:40:50 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\OLI\Desktop\JRT.exe [2013.05.06 09:36:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.06 04:27:49 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2013.05.06 04:27:49 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2013.05.06 04:06:42 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.05.06 01:46:11 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.06 01:46:11 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.06 01:46:11 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.06 01:46:11 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.06 01:46:11 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.05 18:00:01 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3806870365-364280537-3892568835-1000Core.job [2013.05.05 02:36:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.05 02:10:49 | 005,065,726 | R--- | M] (Swearware) -- C:\Users\OLI\Desktop\ComboFix.exe [2013.05.04 17:54:35 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\OLI\Desktop\tdsskiller.exe [2013.05.04 17:51:22 | 000,000,512 | ---- | M] () -- C:\Users\OLI\Desktop\MBR.dat [2013.05.04 17:31:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\OLI\Desktop\aswMBR.exe [2013.05.04 13:26:16 | 
000,377,856 | ---- | M] () -- C:\Users\OLI\Desktop\gmer_2.1.19163.exe [2013.05.04 13:02:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OLI\Desktop\OTL.exe [2013.05.04 12:59:18 | 000,000,000 | ---- | M] () -- C:\Users\OLI\defogger_reenable [2013.05.04 12:58:25 | 000,050,477 | ---- | M] () -- C:\Users\OLI\Desktop\Defogger.exe [2013.04.30 18:41:21 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.30 04:44:58 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.21 21:42:17 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.21 21:42:16 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.04.21 21:42:16 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.04.21 21:42:16 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.04.21 21:42:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.21 21:42:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.12 00:08:14 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.12 00:08:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.11 01:50:16 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.06 09:54:35 | 000,628,743 | ---- | C] () -- C:\Users\OLI\Desktop\adwcleaner.exe [2013.05.06 04:07:55 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2013.05.06 04:07:55 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2013.05.05 02:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.05 02:13:06 | 000,208,896 | ---- | C] () 
-- C:\Windows\MBR.exe [2013.05.05 02:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.05 02:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.05 02:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.04 17:51:22 | 000,000,512 | ---- | C] () -- C:\Users\OLI\Desktop\MBR.dat [2013.05.04 13:26:15 | 000,377,856 | ---- | C] () -- C:\Users\OLI\Desktop\gmer_2.1.19163.exe [2013.05.04 12:59:18 | 000,000,000 | ---- | C] () -- C:\Users\OLI\defogger_reenable [2013.05.04 12:58:24 | 000,050,477 | ---- | C] () -- C:\Users\OLI\Desktop\Defogger.exe [2013.02.15 04:42:19 | 000,256,947 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe [2012.12.10 11:09:08 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.26 20:37:10 | 000,017,408 | ---- | C] () -- C:\Users\OLI\AppData\Local\WebpageIcons.db [2012.03.19 13:44:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.12.14 05:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe [2011.05.23 06:17:06 | 000,000,265 | ---- | C] () -- C:\Windows\game.ini [2011.01.20 21:00:32 | 000,007,599 | ---- | C] () -- C:\Users\OLI\AppData\Local\resmon.resmoncfg [2011.01.03 19:53:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- 
| M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT

< End of report >

Code:
OTL Extras logfile created on: 06.05.2013 10:15:58 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OLI\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 67,59% Memory free
5,49 Gb Paging File | 4,27 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 94,06 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 126,73 Gb Free Space | 85,25% Space Free | Partition Type: NTFS

Computer Name: LIEBERT | User Name: OLI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1"
%* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1211D7D6-908C-462B-AA78-AE3830902511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1DD11942-7A6F-42AC-9773-EC8361AA416F}" = lport=2869 | protocol=6 | dir=in | app=system | "{1EC5BCA6-F3B4-49F1-9B2C-FBD9F7892F8C}" = lport=138 | protocol=17 | dir=in | app=system | "{1F4A363A-124C-41AF-8371-859378FDBC9B}" = lport=445 | protocol=6 | dir=in | app=system | "{39196980-25E9-41A3-B8FE-21CDE2ACD24C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3A51B552-3E73-4EEA-9864-CAF1A7A00425}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{50F7DD02-FFAF-4CB1-B179-80CD2693EE95}" = lport=137 | protocol=17 | dir=in | app=system | "{53821D93-1BCE-480C-BF0C-C17DF272AA18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{586D1FB6-2A07-4C68-9829-939236537700}" = rport=138 | protocol=17 | dir=out | app=system | "{5D13920E-5AB5-4302-ABDA-584EF0CED3D1}" = rport=137 | protocol=17 | dir=out | app=system | "{65147306-555D-483C-B65C-04E8E798EAAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{78DB3E3D-D768-4B94-8CB4-FDB28B5F40F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CD525F6-35C5-45B2-BE42-3B0C85C90A71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8B48888E-5C62-4742-AC04-407DE0AB04A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9A534B4E-3184-40BD-A30E-23B5A85B66D4}" = lport=139 | protocol=6 | dir=in | app=system | "{9F046C08-0CD5-4580-BCF0-85A879819D80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AA302B03-39FB-445D-9849-C0742FB0002F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C253D039-3B00-462D-AE0E-D268C4017FA2}" = lport=10243 | protocol=6 | dir=in | app=system | "{C8DF7340-8159-4C2F-9E53-D11356BA41DB}" = lport=2869 | protocol=6 | dir=in | app=system | "{D687C250-333F-403B-9864-31B8A1E737DB}" = rport=445 | protocol=6 | dir=out | app=system | "{E08610B7-AF8B-4E6B-8410-A3AEE6D26E5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E5120809-1EBF-4196-A473-CE47B057A645}" = rport=139 | protocol=6 | dir=out | app=system | "{EE601E16-D352-44A7-A325-1F0A8F0294BE}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{066B6764-1F20-461B-AA1D-565A9DFA2E4D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{0FA44BAF-A3F7-4CB1-83E0-FE18831309A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{16668A7D-8A46-4A7B-9D31-613B8A58F20C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{253F5739-D4CE-48A2-8769-9BA7FD164694}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{2D54B855-24E9-41F0-BD50-10F069BD27CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36EECCEA-A5A6-4B62-BD4D-C3112ABAE12E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{39301E41-3919-42DF-AB44-727979F26393}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{3ABFF15A-A630-4135-9867-23F5DF19487A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{41564087-A844-47E2-8BE5-F18FDB56FE61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4C38120C-8647-4D00-B726-A1DCC7BCBAAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{57C96228-5D68-4558-8B44-DB3E305B9188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61547546-893E-434F-9FBD-C6294B8F727D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6BB98B3A-7580-45E4-91FA-92E12A99A499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FFE608B-67CF-457C-9465-53AA7B32ABCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{76381093-71D7-448B-B0AC-FB70F54A7924}" = protocol=6 | dir=out | app=system | "{784A83C3-2258-4F7C-ABF3-2A4A328AA5DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{78EC69CE-053F-412B-AC28-2722B66C0E4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{7D1DE0BE-79F8-46FF-B38F-78EBFCDC06E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{915C0F03-2DA0-4DC2-81F7-BE59D151A627}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{94275EC7-C437-4517-9116-C7993D2F5A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB930DAB-D69F-4979-98F5-F8121B99882F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{ADEFF3B4-83D0-41E6-A139-EE06EEF2337B}" = protocol=17 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{B94911F1-D56F-4189-8016-547F33583E2E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C19AAA2A-1D4A-4136-9086-A9858DAD82A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C1DDB058-B9F7-4D18-9876-45FCC8245389}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C66C1C97-0E3E-4C41-858D-46AE51949703}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D6C704B5-13D9-4E85-BFF6-09A8211F59D6}" = protocol=6 | dir=in | app=c:\users\oli\appdata\local\google\google talk plugin\googletalkplugin.exe | "TCP Query User{1D3F0D53-F812-4346-91F9-7482DE757A31}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{2DEB07CC-C537-481A-9346-131597109249}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{6B9258EA-9CD3-4823-B59D-0AA1D2EBE00A}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe | "TCP Query User{7D63FFF2-75D6-46AF-B261-0ABA263B37D7}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | "UDP Query User{785F008C-33A0-482E-A5A9-2944504347F1}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | "UDP Query User{909B5985-1F84-440A-96AE-E0453AD62E31}C:\program files (x86)\id software\quake 4\quake4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\id software\quake 4\quake4.exe | "UDP Query User{AAA0D1E3-1C2A-4144-A989-CD077071C71F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{C8B1DD81-E506-4D4E-9975-F46C579D115A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B6DB58D2-E7E8-5B0F-65F8-B76713C0AF75}" = ATI Catalyst Install Manager "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{CC3F8680-2A8A-95B1-584E-EA4BDE0DF783}" = ccc-utility64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "CCleaner" = CCleaner "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = 
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.5 "ZDFmediathek_is1" = ZDFmediathek Version 2.1.6 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0CB6FBBE-71FC-7AE1-0506-AF2DFAAB5F99}" = CCC Help Finnish "{0DCDE91E-ACD7-A105-A713-CF3C22BC1EF7}" = CCC Help Portuguese "{0E4D665E-0441-D356-1B61-4FDCE2122F54}" = CCC Help Danish "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{3AB215C2-0BE4-EC89-A90A-FA54B7C03E0A}" = CCC Help Chinese Traditional "{3B2AFF45-1C2E-E544-A480-A9CA43FC8977}" = Catalyst Control Center Localization All "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E70F662-B29D-FE4E-D31D-0D088AB3C42E}" = CCC Help German "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40C17193-BC19-CB9F-35DA-A44F9B6A520F}" = Catalyst Control Center Graphics Previews Common "{418E42D7-E8D0-1953-B7ED-9D75149D64D5}" = CCC Help Turkish 
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43CE1803-BA5B-F103-47E8-296CD40EB98C}" = Photo Service - powered by myphotobook "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4F8EBB31-EB6A-7C7A-40ED-57F2841998EB}" = CCC Help Czech "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{64E65803-D18A-D799-01A9-69ACB8B49B5E}" = CCC Help Italian "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World "{85A87BCB-C8A1-179D-231D-D77C2462394F}" = CCC Help Norwegian "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{95CFDCE3-0AE1-01F5-D9C8-D5016C49D2D9}" = CCC Help Hungarian "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC701E9-79FB-19EB-907C-33730D6D9450}" = Catalyst Control Center Graphics Previews Vista "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A920CC75-A1F8-4275-6CBF-0B7817AF364E}" = CCC Help Dutch "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9A75A7F-4785-430D-8013-77BC1FD13A4C}" = Simple Adblock "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B10364A6-B6BD-9F06-BF50-A779FBE803F4}" = CCC Help Polish "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D136FCBA-7D93-DA4E-ED4D-024ACA891E70}" = CCC Help Japanese "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D5F7D473-4819-D77B-E5A8-4B1569C47A2D}" = CCC Help Korean "{D7397487-E01A-6ACE-C24E-BB19469B9FDE}" = CCC Help Swedish "{DB928E9C-4C6B-DDF4-0748-C4D542A75E95}" = CCC Help Chinese Standard "{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.9 "{DDC8362F-D041-6C5E-0221-E23CF71C73AE}" = CCC Help Spanish "{DDDD6410-C2B9-7BC7-3A93-0D155AE07E25}" = Catalyst Control Center InstallProxy "{DEC74752-09D3-309D-72B6-40114F57B223}" = CCC 
Help Russian "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin "{EC8D0634-4567-DBD4-97B2-F8C879F7DBF8}" = CCC Help English "{F0483BEB-E626-E306-DFBD-D3A1E582BF43}" = CCC Help French "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2431B40-5D69-BBB8-F20B-4F28D8ED563E}" = CCC Help Thai "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F4AECBDF-6985-E352-7392-152A0570573E}" = CCC Help Greek "{F5A6CC63-2BED-914D-04E5-1702471E675D}" = ccc-core-static "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin "{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "BILDmobil" = BILDmobil "Bridge Construction Set_is1" = Bridge Construction Set 1.3.9.1 "CloneCD" = CloneCD "Das Quiz mit Jörg Pilawa Special" = Das Quiz mit Jörg Pilawa Special "Die Wiege Roms" = Die Wiege Roms "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "ELECOM E-Force Laser Gaming Mouse14101" = ELECOM E-Force Laser Gaming Mouse "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "Game Booster_is1" = Game Booster 3 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package 
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12 "king.com" = king.com (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyFreeCodec" = MyFreeCodec "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "PokerStars" = PokerStars "QLDT" = Quake Live Demo Tools "QLPrism" = QLPrism "SopCast" = SopCast 3.5.0 "Star Sword_is1" = Star Sword "Veetle TV" = Veetle TV "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3806870365-364280537-3892568835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.05.2013 04:02:25 | Computer Name = Liebert | Source = TOSHIBA Service Station | ID = 0 
Description = TSS Load: could not communicate with TMachInfo service [ System Events ] Error - 06.05.2013 04:03:24 | Computer Name = Liebert | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. < End of report > |
06.05.2013, 10:39 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My laptop now boots only slowly and is very slow during use
Fix with OTL
Code:
ATTFilter
:OTL
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_NBVUV6PKDVBGTLPHJKBUK1R0WTPLY2LB3W2PHDEX6J5T4BW9V4DLNNH2V1UY71VU5VVVVVJVTVVJVT
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |